From c38b1309ddd47396c16f1206cab29e627bdbd245 Mon Sep 17 00:00:00 2001 From: Max Radermacher Date: Fri, 5 Jun 2026 12:10:55 -0500 Subject: [PATCH] Remove unused provisioning/sync message fields --- Signal/Provisioning/ProvisioningManager.swift | 8 ++- .../Provisioning/ProvisionManagerTests.swift | 8 +-- .../ProvisioningCoordinatorTest.swift | 9 +--- .../Contacts/OWSSyncManager.swift | 22 +++----- .../Devices/LinkingProvisioningMessage.swift | 26 +++------ .../OutgoingKeysSyncMessage.swift | 12 ----- .../SecureValueRecoveryMock.swift | 12 ++--- .../Protos/Generated/Provisioning.pb.swift | 18 +------ .../Protos/Generated/ProvisioningProto.swift | 26 --------- .../Protos/Generated/SSKProto.swift | 26 --------- .../Protos/Generated/SignalService.pb.swift | 17 +----- .../Protos/Specifications/Provisioning.proto | 2 +- .../Protos/Specifications/SignalService.proto | 2 +- .../SecureValueRecovery.swift | 4 +- .../SecureValueRecovery2Impl.swift | 53 +++++-------------- 15 files changed, 44 insertions(+), 201 deletions(-) diff --git a/Signal/Provisioning/ProvisioningManager.swift b/Signal/Provisioning/ProvisioningManager.swift index a1d425d5e8..0cd1edad1a 100644 --- a/Signal/Provisioning/ProvisioningManager.swift +++ b/Signal/Provisioning/ProvisioningManager.swift @@ -50,7 +50,7 @@ public class ProvisioningManager { var aciIdentityKeyPair: ECKeyPair var pniIdentityKeyPair: ECKeyPair var areReadReceiptsEnabled: Bool - var rootKey: LinkingProvisioningMessage.RootKey + var aep: SignalServiceKit.AccountEntropyPool var mediaRootBackupKey: MediaRootBackupKey var profileKey: Aes256Key } @@ -64,13 +64,11 @@ public class ProvisioningManager { owsFail("Can't provision without a pni identity.") } let areReadReceiptsEnabled = receiptManager.areReadReceiptsEnabled(tx: tx) - let rootKey: LinkingProvisioningMessage.RootKey guard let accountEntropyPool = accountKeyStore.getAccountEntropyPool(tx: tx) else { // This should be impossible; the only times you don't have // an AEP are during registration. owsFail("Can't provision without account entropy pool.") } - rootKey = .accountEntropyPool(accountEntropyPool) let mrbk = accountKeyStore.getOrGenerateMediaRootBackupKey(tx: tx) guard let profileKey = profileManager.localUserProfile(tx: tx)?.profileKey else { owsFail("Can't provision without a profile key.") @@ -80,7 +78,7 @@ public class ProvisioningManager { aciIdentityKeyPair: aciIdentityKeyPair, pniIdentityKeyPair: pniIdentityKeyPair, areReadReceiptsEnabled: areReadReceiptsEnabled, - rootKey: rootKey, + aep: accountEntropyPool, mediaRootBackupKey: mrbk, profileKey: profileKey, ) @@ -105,7 +103,7 @@ public class ProvisioningManager { let provisioningCode = try await deviceProvisioningService.requestDeviceProvisioningCode() let provisioningMessage = LinkingProvisioningMessage( - rootKey: provisioningState.rootKey, + aep: provisioningState.aep, aci: myAci, phoneNumber: myPhoneNumber, pni: myPni, diff --git a/Signal/test/Provisioning/ProvisionManagerTests.swift b/Signal/test/Provisioning/ProvisionManagerTests.swift index fda41ab155..a3d19526aa 100644 --- a/Signal/test/Provisioning/ProvisionManagerTests.swift +++ b/Signal/test/Provisioning/ProvisionManagerTests.swift @@ -117,13 +117,7 @@ public class ProvisioningManagerTests { // Validate that all the data in the decrypted envelope on the new device side matches the // values populated by the old device - switch provisionMessage.rootKey { - case .accountEntropyPool(let aep): - #expect(aep == accountEntropyPool) - case .masterKey: - Issue.record("Expected AEP, but found MasterKey") - } - + #expect(provisionMessage.aep == accountEntropyPool) #expect(provisionMessage.aci == myAci) #expect(provisionMessage.phoneNumber == myPhoneNumber.stringValue) #expect(provisionMessage.pni == myPni) diff --git a/Signal/test/Provisioning/ProvisioningCoordinatorTest.swift b/Signal/test/Provisioning/ProvisioningCoordinatorTest.swift index 0cf2616fef..81402fc55b 100644 --- a/Signal/test/Provisioning/ProvisioningCoordinatorTest.swift +++ b/Signal/test/Provisioning/ProvisioningCoordinatorTest.swift @@ -103,7 +103,7 @@ public class ProvisioningCoordinatorTest: XCTestCase { public func testProvisioning() async throws { let aep = AccountEntropyPool() let provisioningMessage = LinkingProvisioningMessage( - rootKey: .accountEntropyPool(aep), + aep: aep, aci: .randomForTesting(), phoneNumber: "+17875550100", pni: .randomForTesting(), @@ -180,12 +180,7 @@ public class ProvisioningCoordinatorTest: XCTestCase { identityManagerMock.identityKeyPairs[.pni]?.publicKey, provisioningMessage.pniIdentityKeyPair.asECKeyPair.publicKey, ) - let masterKey = switch provisioningMessage.rootKey { - case .accountEntropyPool(let accountEntropyPool): - accountEntropyPool.getMasterKey() - case .masterKey(let masterKey): - masterKey - } + let masterKey = provisioningMessage.aep.getMasterKey() XCTAssertEqual(svrMock.syncedMasterKey?.rawData, masterKey.rawData) } diff --git a/SignalServiceKit/Contacts/OWSSyncManager.swift b/SignalServiceKit/Contacts/OWSSyncManager.swift index fabb7e0fa2..872c64ddae 100644 --- a/SignalServiceKit/Contacts/OWSSyncManager.swift +++ b/SignalServiceKit/Contacts/OWSSyncManager.swift @@ -208,15 +208,10 @@ extension OWSSyncManager: SyncManagerProtocol, SyncManagerProtocolSwift { return owsFailDebug("Missing thread") } - let accountEntropyPool = DependenciesBridge.shared.accountKeyStore.getAccountEntropyPool(tx: tx) - if accountEntropyPool == nil { - Logger.warn("Expecting AEP present for sync message") - } - - let masterKey = DependenciesBridge.shared.accountKeyStore.getMasterKey(tx: tx) - - guard accountEntropyPool != nil || masterKey != nil else { - return owsFailDebug("Missing root key") + let accountKeyStore = DependenciesBridge.shared.accountKeyStore + guard let accountEntropyPool = accountKeyStore.getAccountEntropyPool(tx: tx) else { + owsFailDebug("must have AEP for sync message") + return } let mrbk = DependenciesBridge.shared.accountKeyStore.getOrGenerateMediaRootBackupKey(tx: tx) @@ -224,7 +219,6 @@ extension OWSSyncManager: SyncManagerProtocol, SyncManagerProtocolSwift { let syncKeysMessage = OutgoingKeysSyncMessage( localThread: thread, accountEntropyPool: accountEntropyPool, - masterKey: masterKey, mediaRootBackupKey: mrbk, tx: tx, ) @@ -247,10 +241,10 @@ extension OWSSyncManager: SyncManagerProtocol, SyncManagerProtocolSwift { ) } catch { switch error { - case .missingMasterKey: - Logger.warn("Key sync messages missing master key") - case .missingOrInvalidMRBK: - Logger.warn("Key sync messages missing or invalid media root backup key") + case .missingAep: + Logger.warn("Key sync messages missing aep") + case .missingMrbk: + Logger.warn("Key sync messages missing media root backup key") } } diff --git a/SignalServiceKit/Devices/LinkingProvisioningMessage.swift b/SignalServiceKit/Devices/LinkingProvisioningMessage.swift index 6b296458eb..b206889229 100644 --- a/SignalServiceKit/Devices/LinkingProvisioningMessage.swift +++ b/SignalServiceKit/Devices/LinkingProvisioningMessage.swift @@ -8,17 +8,12 @@ public import LibSignalClient public struct LinkingProvisioningMessage { - public enum RootKey { - case accountEntropyPool(AccountEntropyPool) - case masterKey(MasterKey) - } - public enum Constants { public static let provisioningVersion: UInt32 = 1 public static let userAgent: String = "OWI" } - public let rootKey: RootKey + public let aep: AccountEntropyPool public let aci: Aci public let phoneNumber: String public let pni: Pni @@ -33,7 +28,7 @@ public struct LinkingProvisioningMessage { public let provisioningVersion: UInt32 public init( - rootKey: RootKey, + aep: AccountEntropyPool, aci: Aci, phoneNumber: String, pni: Pni, @@ -47,7 +42,7 @@ public struct LinkingProvisioningMessage { provisioningUserAgent: String? = Constants.userAgent, provisioningVersion: UInt32 = Constants.provisioningVersion, ) { - self.rootKey = rootKey + self.aep = aep self.aci = aci self.phoneNumber = phoneNumber self.pni = pni @@ -119,11 +114,9 @@ public struct LinkingProvisioningMessage { let accountEntropyPool = proto.accountEntropyPool?.nilIfEmpty, let aep = try? AccountEntropyPool(key: accountEntropyPool) { - self.rootKey = .accountEntropyPool(aep) - } else if let masterKey = try proto.masterKey.map({ try MasterKey(data: $0) }) { - self.rootKey = .masterKey(masterKey) + self.aep = aep } else { - throw ProvisioningError.invalidProvisionMessage("missing master key from provisioning message") + throw ProvisioningError.invalidProvisionMessage("missing aep from provisioning message") } guard let mrbkBytes = proto.mediaRootBackupKey else { @@ -155,14 +148,7 @@ public struct LinkingProvisioningMessage { messageBuilder.setNumber(phoneNumber) messageBuilder.setAciBinary(aci.rawUUID.data) messageBuilder.setPniBinary(pni.rawUUID.data) - - switch rootKey { - case .accountEntropyPool(let accountEntropyPool): - messageBuilder.setAccountEntropyPool(accountEntropyPool.rawString) - messageBuilder.setMasterKey(accountEntropyPool.getMasterKey().rawData) - case .masterKey(let masterKey): - messageBuilder.setMasterKey(masterKey.rawData) - } + messageBuilder.setAccountEntropyPool(aep.rawString) messageBuilder.setMediaRootBackupKey(mrbk.serialize()) ephemeralBackupKey.map { messageBuilder.setEphemeralBackupKey($0.serialize()) } diff --git a/SignalServiceKit/Messages/DeviceSyncing/OutgoingKeysSyncMessage.swift b/SignalServiceKit/Messages/DeviceSyncing/OutgoingKeysSyncMessage.swift index c16a06ac12..b3ff742fbf 100644 --- a/SignalServiceKit/Messages/DeviceSyncing/OutgoingKeysSyncMessage.swift +++ b/SignalServiceKit/Messages/DeviceSyncing/OutgoingKeysSyncMessage.swift @@ -9,18 +9,15 @@ import Foundation final class OutgoingKeysSyncMessage: OutgoingSyncMessage { let accountEntropyPool: String? - let masterKey: Data? let mediaRootBackupKey: Data? init( localThread: TSContactThread, accountEntropyPool: AccountEntropyPool?, - masterKey: MasterKey?, mediaRootBackupKey: MediaRootBackupKey?, tx: DBReadTransaction, ) { self.accountEntropyPool = accountEntropyPool?.rawString - self.masterKey = masterKey?.rawData self.mediaRootBackupKey = mediaRootBackupKey?.serialize() super.init(localThread: localThread, tx: tx) } @@ -32,9 +29,6 @@ final class OutgoingKeysSyncMessage: OutgoingSyncMessage { if let accountEntropyPool { coder.encode(accountEntropyPool, forKey: "accountEntropyPool") } - if let masterKey { - coder.encode(masterKey, forKey: "masterKey") - } if let mediaRootBackupKey { coder.encode(mediaRootBackupKey, forKey: "mediaRootBackupKey") } @@ -42,7 +36,6 @@ final class OutgoingKeysSyncMessage: OutgoingSyncMessage { required init?(coder: NSCoder) { self.accountEntropyPool = coder.decodeObject(of: NSString.self, forKey: "accountEntropyPool") as String? - self.masterKey = coder.decodeObject(of: NSData.self, forKey: "masterKey") as Data? self.mediaRootBackupKey = coder.decodeObject(of: NSData.self, forKey: "mediaRootBackupKey") as Data? super.init(coder: coder) } @@ -51,7 +44,6 @@ final class OutgoingKeysSyncMessage: OutgoingSyncMessage { var hasher = Hasher() hasher.combine(super.hash) hasher.combine(self.accountEntropyPool) - hasher.combine(self.masterKey) hasher.combine(self.mediaRootBackupKey) return hasher.finalize() } @@ -60,7 +52,6 @@ final class OutgoingKeysSyncMessage: OutgoingSyncMessage { guard let object = object as? Self else { return false } guard super.isEqual(object) else { return false } guard self.accountEntropyPool == object.accountEntropyPool else { return false } - guard self.masterKey == object.masterKey else { return false } guard self.mediaRootBackupKey == object.mediaRootBackupKey else { return false } return true } @@ -70,9 +61,6 @@ final class OutgoingKeysSyncMessage: OutgoingSyncMessage { if let accountEntropyPool { keysBuilder.setAccountEntropyPool(accountEntropyPool) } - if let masterKey { - keysBuilder.setMaster(masterKey) - } if let mediaRootBackupKey { keysBuilder.setMediaRootBackupKey(mediaRootBackupKey) } diff --git a/SignalServiceKit/Mocks/KeyBackupService/SecureValueRecoveryMock.swift b/SignalServiceKit/Mocks/KeyBackupService/SecureValueRecoveryMock.swift index 57c412eee9..933db43a86 100644 --- a/SignalServiceKit/Mocks/KeyBackupService/SecureValueRecoveryMock.swift +++ b/SignalServiceKit/Mocks/KeyBackupService/SecureValueRecoveryMock.swift @@ -38,7 +38,11 @@ public class SecureValueRecoveryMock: SecureValueRecovery { authedDevice: AuthedDevice, tx: DBWriteTransaction, ) throws(SVR.KeysError) { - syncedMasterKey = syncMessage.master.map { try! MasterKey(data: $0) } + let aep = syncMessage.accountEntropyPool.flatMap({ try? AccountEntropyPool(key: $0) }) + guard let aep else { + throw .missingAep + } + syncedMasterKey = aep.getMasterKey() } public func storeKeys( @@ -46,11 +50,7 @@ public class SecureValueRecoveryMock: SecureValueRecovery { authedDevice: AuthedDevice, tx: DBWriteTransaction, ) { - let masterKey = switch provisioningMessage.rootKey { - case .accountEntropyPool(let aep): aep.getMasterKey() - case .masterKey(let masterKey): masterKey - } - syncedMasterKey = masterKey + syncedMasterKey = provisioningMessage.aep.getMasterKey() } public var doesHavePendingRestoration = false diff --git a/SignalServiceKit/Protos/Generated/Provisioning.pb.swift b/SignalServiceKit/Protos/Generated/Provisioning.pb.swift index 41c90b2f7b..e24d70052d 100644 --- a/SignalServiceKit/Protos/Generated/Provisioning.pb.swift +++ b/SignalServiceKit/Protos/Generated/Provisioning.pb.swift @@ -184,15 +184,6 @@ struct ProvisioningProtos_ProvisionMessage: @unchecked Sendable { /// Clears the value of `provisioningVersion`. Subsequent reads from it will return its default value. mutating func clearProvisioningVersion() {_uniqueStorage()._provisioningVersion = nil} - var masterKey: Data { - get {_storage._masterKey ?? Data()} - set {_uniqueStorage()._masterKey = newValue} - } - /// Returns true if `masterKey` has been explicitly set. - var hasMasterKey: Bool {_storage._masterKey != nil} - /// Clears the value of `masterKey`. Subsequent reads from it will return its default value. - mutating func clearMasterKey() {_uniqueStorage()._masterKey = nil} - /// 32 bytes var ephemeralBackupKey: Data { get {_storage._ephemeralBackupKey ?? Data()} @@ -293,7 +284,7 @@ extension ProvisioningProtos_ProvisionEnvelope: SwiftProtobuf.Message, SwiftProt extension ProvisioningProtos_ProvisionMessage: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { static let protoMessageName: String = _protobuf_package + ".ProvisionMessage" - static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}aciIdentityKeyPublic\0\u{1}aciIdentityKeyPrivate\0\u{1}number\0\u{1}provisioningCode\0\u{1}userAgent\0\u{1}profileKey\0\u{1}readReceipts\0\u{1}aci\0\u{1}provisioningVersion\0\u{1}pni\0\u{1}pniIdentityKeyPublic\0\u{1}pniIdentityKeyPrivate\0\u{1}masterKey\0\u{1}ephemeralBackupKey\0\u{1}accountEntropyPool\0\u{1}mediaRootBackupKey\0\u{1}aciBinary\0\u{1}pniBinary\0") + static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}aciIdentityKeyPublic\0\u{1}aciIdentityKeyPrivate\0\u{1}number\0\u{1}provisioningCode\0\u{1}userAgent\0\u{1}profileKey\0\u{1}readReceipts\0\u{1}aci\0\u{1}provisioningVersion\0\u{1}pni\0\u{1}pniIdentityKeyPublic\0\u{1}pniIdentityKeyPrivate\0\u{2}\u{2}ephemeralBackupKey\0\u{1}accountEntropyPool\0\u{1}mediaRootBackupKey\0\u{1}aciBinary\0\u{1}pniBinary\0\u{c}\u{d}\u{1}") fileprivate class _StorageClass { var _aciIdentityKeyPublic: Data? = nil @@ -308,7 +299,6 @@ extension ProvisioningProtos_ProvisionMessage: SwiftProtobuf.Message, SwiftProto var _profileKey: Data? = nil var _readReceipts: Bool? = nil var _provisioningVersion: UInt32? = nil - var _masterKey: Data? = nil var _ephemeralBackupKey: Data? = nil var _accountEntropyPool: String? = nil var _mediaRootBackupKey: Data? = nil @@ -336,7 +326,6 @@ extension ProvisioningProtos_ProvisionMessage: SwiftProtobuf.Message, SwiftProto _profileKey = source._profileKey _readReceipts = source._readReceipts _provisioningVersion = source._provisioningVersion - _masterKey = source._masterKey _ephemeralBackupKey = source._ephemeralBackupKey _accountEntropyPool = source._accountEntropyPool _mediaRootBackupKey = source._mediaRootBackupKey @@ -372,7 +361,6 @@ extension ProvisioningProtos_ProvisionMessage: SwiftProtobuf.Message, SwiftProto case 10: try { try decoder.decodeSingularStringField(value: &_storage._pni) }() case 11: try { try decoder.decodeSingularBytesField(value: &_storage._pniIdentityKeyPublic) }() case 12: try { try decoder.decodeSingularBytesField(value: &_storage._pniIdentityKeyPrivate) }() - case 13: try { try decoder.decodeSingularBytesField(value: &_storage._masterKey) }() case 14: try { try decoder.decodeSingularBytesField(value: &_storage._ephemeralBackupKey) }() case 15: try { try decoder.decodeSingularStringField(value: &_storage._accountEntropyPool) }() case 16: try { try decoder.decodeSingularBytesField(value: &_storage._mediaRootBackupKey) }() @@ -426,9 +414,6 @@ extension ProvisioningProtos_ProvisionMessage: SwiftProtobuf.Message, SwiftProto try { if let v = _storage._pniIdentityKeyPrivate { try visitor.visitSingularBytesField(value: v, fieldNumber: 12) } }() - try { if let v = _storage._masterKey { - try visitor.visitSingularBytesField(value: v, fieldNumber: 13) - } }() try { if let v = _storage._ephemeralBackupKey { try visitor.visitSingularBytesField(value: v, fieldNumber: 14) } }() @@ -465,7 +450,6 @@ extension ProvisioningProtos_ProvisionMessage: SwiftProtobuf.Message, SwiftProto if _storage._profileKey != rhs_storage._profileKey {return false} if _storage._readReceipts != rhs_storage._readReceipts {return false} if _storage._provisioningVersion != rhs_storage._provisioningVersion {return false} - if _storage._masterKey != rhs_storage._masterKey {return false} if _storage._ephemeralBackupKey != rhs_storage._ephemeralBackupKey {return false} if _storage._accountEntropyPool != rhs_storage._accountEntropyPool {return false} if _storage._mediaRootBackupKey != rhs_storage._mediaRootBackupKey {return false} diff --git a/SignalServiceKit/Protos/Generated/ProvisioningProto.swift b/SignalServiceKit/Protos/Generated/ProvisioningProto.swift index 4571cccd35..cbec41e7cd 100644 --- a/SignalServiceKit/Protos/Generated/ProvisioningProto.swift +++ b/SignalServiceKit/Protos/Generated/ProvisioningProto.swift @@ -283,18 +283,6 @@ public class ProvisioningProtoProvisionMessage: NSObject, Codable, NSSecureCodin return proto.hasProvisioningVersion } - @objc - public var masterKey: Data? { - guard hasMasterKey else { - return nil - } - return proto.masterKey - } - @objc - public var hasMasterKey: Bool { - return proto.hasMasterKey - } - @objc public var ephemeralBackupKey: Data? { guard hasEphemeralBackupKey else { @@ -494,9 +482,6 @@ extension ProvisioningProtoProvisionMessage { if hasProvisioningVersion { builder.setProvisioningVersion(provisioningVersion) } - if let _value = masterKey { - builder.setMasterKey(_value) - } if let _value = ephemeralBackupKey { builder.setEphemeralBackupKey(_value) } @@ -659,17 +644,6 @@ public class ProvisioningProtoProvisionMessageBuilder: NSObject { proto.provisioningVersion = valueParam } - @objc - @available(swift, obsoleted: 1.0) - public func setMasterKey(_ valueParam: Data?) { - guard let valueParam = valueParam else { return } - proto.masterKey = valueParam - } - - public func setMasterKey(_ valueParam: Data) { - proto.masterKey = valueParam - } - @objc @available(swift, obsoleted: 1.0) public func setEphemeralBackupKey(_ valueParam: Data?) { diff --git a/SignalServiceKit/Protos/Generated/SSKProto.swift b/SignalServiceKit/Protos/Generated/SSKProto.swift index a9cc5786f2..32da7bbec1 100644 --- a/SignalServiceKit/Protos/Generated/SSKProto.swift +++ b/SignalServiceKit/Protos/Generated/SSKProto.swift @@ -13026,18 +13026,6 @@ public class SSKProtoSyncMessageKeys: NSObject, Codable, NSSecureCoding { fileprivate let proto: SignalServiceProtos_SyncMessage.Keys - @objc - public var master: Data? { - guard hasMaster else { - return nil - } - return proto.master - } - @objc - public var hasMaster: Bool { - return proto.hasMaster - } - @objc public var accountEntropyPool: String? { guard hasAccountEntropyPool else { @@ -13135,9 +13123,6 @@ extension SSKProtoSyncMessageKeys { @objc public func asBuilder() -> SSKProtoSyncMessageKeysBuilder { let builder = SSKProtoSyncMessageKeysBuilder() - if let _value = master { - builder.setMaster(_value) - } if let _value = accountEntropyPool { builder.setAccountEntropyPool(_value) } @@ -13159,17 +13144,6 @@ public class SSKProtoSyncMessageKeysBuilder: NSObject { @objc fileprivate override init() {} - @objc - @available(swift, obsoleted: 1.0) - public func setMaster(_ valueParam: Data?) { - guard let valueParam = valueParam else { return } - proto.master = valueParam - } - - public func setMaster(_ valueParam: Data) { - proto.master = valueParam - } - @objc @available(swift, obsoleted: 1.0) public func setAccountEntropyPool(_ valueParam: String?) { diff --git a/SignalServiceKit/Protos/Generated/SignalService.pb.swift b/SignalServiceKit/Protos/Generated/SignalService.pb.swift index 27c6e30150..2131e79f38 100644 --- a/SignalServiceKit/Protos/Generated/SignalService.pb.swift +++ b/SignalServiceKit/Protos/Generated/SignalService.pb.swift @@ -3219,15 +3219,6 @@ struct SignalServiceProtos_SyncMessage: @unchecked Sendable { // `Message` and `Message+*Additions` files in the SwiftProtobuf library for // methods supported on all messages. - var master: Data { - get {_master ?? Data()} - set {_master = newValue} - } - /// Returns true if `master` has been explicitly set. - var hasMaster: Bool {self._master != nil} - /// Clears the value of `master`. Subsequent reads from it will return its default value. - mutating func clearMaster() {self._master = nil} - var accountEntropyPool: String { get {_accountEntropyPool ?? String()} set {_accountEntropyPool = newValue} @@ -3250,7 +3241,6 @@ struct SignalServiceProtos_SyncMessage: @unchecked Sendable { init() {} - fileprivate var _master: Data? = nil fileprivate var _accountEntropyPool: String? = nil fileprivate var _mediaRootBackupKey: Data? = nil } @@ -8333,7 +8323,7 @@ extension SignalServiceProtos_SyncMessage.FetchLatest.TypeEnum: SwiftProtobuf._P extension SignalServiceProtos_SyncMessage.Keys: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { static let protoMessageName: String = SignalServiceProtos_SyncMessage.protoMessageName + ".Keys" - static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{2}\u{2}master\0\u{1}accountEntropyPool\0\u{1}mediaRootBackupKey\0\u{c}\u{1}\u{1}") + static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{2}\u{3}accountEntropyPool\0\u{1}mediaRootBackupKey\0\u{c}\u{1}\u{1}\u{c}\u{2}\u{1}") mutating func decodeMessage(decoder: inout D) throws { while let fieldNumber = try decoder.nextFieldNumber() { @@ -8341,7 +8331,6 @@ extension SignalServiceProtos_SyncMessage.Keys: SwiftProtobuf.Message, SwiftProt // allocates stack space for every case branch when no optimizations are // enabled. https://github.com/apple/swift-protobuf/issues/1034 switch fieldNumber { - case 2: try { try decoder.decodeSingularBytesField(value: &self._master) }() case 3: try { try decoder.decodeSingularStringField(value: &self._accountEntropyPool) }() case 4: try { try decoder.decodeSingularBytesField(value: &self._mediaRootBackupKey) }() default: break @@ -8354,9 +8343,6 @@ extension SignalServiceProtos_SyncMessage.Keys: SwiftProtobuf.Message, SwiftProt // allocates stack space for every if/case branch local when no optimizations // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and // https://github.com/apple/swift-protobuf/issues/1182 - try { if let v = self._master { - try visitor.visitSingularBytesField(value: v, fieldNumber: 2) - } }() try { if let v = self._accountEntropyPool { try visitor.visitSingularStringField(value: v, fieldNumber: 3) } }() @@ -8367,7 +8353,6 @@ extension SignalServiceProtos_SyncMessage.Keys: SwiftProtobuf.Message, SwiftProt } static func ==(lhs: SignalServiceProtos_SyncMessage.Keys, rhs: SignalServiceProtos_SyncMessage.Keys) -> Bool { - if lhs._master != rhs._master {return false} if lhs._accountEntropyPool != rhs._accountEntropyPool {return false} if lhs._mediaRootBackupKey != rhs._mediaRootBackupKey {return false} if lhs.unknownFields != rhs.unknownFields {return false} diff --git a/SignalServiceKit/Protos/Specifications/Provisioning.proto b/SignalServiceKit/Protos/Specifications/Provisioning.proto index 9d0ed1c33a..4504fffdc6 100644 --- a/SignalServiceKit/Protos/Specifications/Provisioning.proto +++ b/SignalServiceKit/Protos/Specifications/Provisioning.proto @@ -38,7 +38,7 @@ message ProvisionMessage { optional bytes profileKey = 6; optional bool readReceipts = 7; optional uint32 provisioningVersion = 9; - optional bytes masterKey = 13; + reserved /*masterKey*/ 13; // Deprecated in favor of accountEntropyPool optional bytes ephemeralBackupKey = 14; // 32 bytes optional string accountEntropyPool = 15; optional bytes mediaRootBackupKey = 16; diff --git a/SignalServiceKit/Protos/Specifications/SignalService.proto b/SignalServiceKit/Protos/Specifications/SignalService.proto index 0186da40b9..13f0ca6f52 100644 --- a/SignalServiceKit/Protos/Specifications/SignalService.proto +++ b/SignalServiceKit/Protos/Specifications/SignalService.proto @@ -611,7 +611,7 @@ message SyncMessage { message Keys { reserved /* storageService */ 1; - optional bytes master = 2; + reserved /* master */ 2; optional string accountEntropyPool = 3; optional bytes mediaRootBackupKey = 4; } diff --git a/SignalServiceKit/SecureValueRecovery/SecureValueRecovery.swift b/SignalServiceKit/SecureValueRecovery/SecureValueRecovery.swift index 74c6322e78..74a801b669 100644 --- a/SignalServiceKit/SecureValueRecovery/SecureValueRecovery.swift +++ b/SignalServiceKit/SecureValueRecovery/SecureValueRecovery.swift @@ -12,8 +12,8 @@ public enum SVR { static let maximumKeyAttempts: UInt32 = 10 public enum KeysError: Error { - case missingMasterKey - case missingOrInvalidMRBK + case missingAep + case missingMrbk } public enum DerivedKey: Hashable { diff --git a/SignalServiceKit/SecureValueRecovery/SecureValueRecovery2Impl.swift b/SignalServiceKit/SecureValueRecovery/SecureValueRecovery2Impl.swift index 79d51950f0..45ef33c894 100644 --- a/SignalServiceKit/SecureValueRecovery/SecureValueRecovery2Impl.swift +++ b/SignalServiceKit/SecureValueRecovery/SecureValueRecovery2Impl.swift @@ -101,13 +101,7 @@ public class SecureValueRecovery2Impl: SecureValueRecovery { ) { Logger.info("") accountKeyStore.setMediaRootBackupKey(provisioningMessage.mrbk, tx: tx) - - switch provisioningMessage.rootKey { - case .accountEntropyPool(let aep): - accountKeyStore.setAccountEntropyPool(aep, tx: tx) - case .masterKey(let masterKey): - accountKeyStore.setMasterKey(masterKey, tx: tx) - } + accountKeyStore.setAccountEntropyPool(provisioningMessage.aep, tx: tx) } public func storeKeys( @@ -117,43 +111,20 @@ public class SecureValueRecovery2Impl: SecureValueRecovery { ) throws(SVR.KeysError) { Logger.info("") - if - let mrbkBytes = syncMessage.mediaRootBackupKey, - let backupKey = try? BackupKey(contents: mrbkBytes) - { - accountKeyStore.setMediaRootBackupKey(MediaRootBackupKey(backupKey: backupKey), tx: tx) - } else { - throw SVR.KeysError.missingOrInvalidMRBK + let newMrbk = syncMessage.mediaRootBackupKey.flatMap({ try? BackupKey(contents: $0) }) + guard let newMrbk else { + throw SVR.KeysError.missingMrbk } + accountKeyStore.setMediaRootBackupKey(MediaRootBackupKey(backupKey: newMrbk), tx: tx) - var keyChanged = false - + let newAep = syncMessage.accountEntropyPool.flatMap({ try? AccountEntropyPool(key: $0) }) + guard let newAep else { + throw SVR.KeysError.missingAep + } let oldAep = accountKeyStore.getAccountEntropyPool(tx: tx) - do { - if let aep = try syncMessage.accountEntropyPool.map({ try AccountEntropyPool(key: $0) }) { - accountKeyStore.setAccountEntropyPool(aep, tx: tx) - } - } catch { - owsFailDebug("Error setting AEP") - } - let newAep = accountKeyStore.getAccountEntropyPool(tx: tx) - keyChanged = (oldAep != newAep) - - if newAep == nil { - let oldMasterKey = accountKeyStore.getMasterKey(tx: tx)?.rawData - do { - if let masterKey = try syncMessage.master.map({ try MasterKey(data: $0) }) { - accountKeyStore.setMasterKey(masterKey, tx: tx) - } - } catch { - throw SVR.KeysError.missingMasterKey - } - let newMasterKey = accountKeyStore.getMasterKey(tx: tx)?.rawData - keyChanged = (oldMasterKey != newMasterKey) - } - - // Trigger a re-fetch of the storage manifest if our keys have changed - if keyChanged { + if newAep != oldAep { + accountKeyStore.setAccountEntropyPool(newAep, tx: tx) + // Trigger a re-fetch of the storage manifest if our keys have changed storageServiceManager.restoreOrCreateManifestIfNecessary( authedDevice: authedDevice, masterKeySource: .implicit,