Update to libsignal v0.80.3, add future sealed sender trust roots

Co-authored-by: Fedor Indutny <indutny@signal.org>
Jordan Rose 2025-09-15 10:58:02 -07:00 committed by GitHub
commit 1da1f9da84
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12 changed files with 40 additions and 29 deletions


@ -10229,7 +10229,7 @@ DEALINGS IN THE SOFTWARE.
```
## tungstenite 0.26.2
## tungstenite 0.27.0
```
Copyright (c) 2017 Alexey Galakhov
@ -10348,7 +10348,7 @@ DEALINGS IN THE SOFTWARE.
```
## tokio-tungstenite 0.26.2
## tokio-tungstenite 0.27.0
```
Copyright (c) 2017 Daniel Abramov


@ -2733,7 +2733,7 @@ ipc.on('get-config', async event => {
reducedMotionSetting: animationSettings.prefersReducedMotion,
registrationChallengeUrl: config.get<string>('registrationChallengeUrl'),
serverPublicParams: config.get<string>('serverPublicParams'),
serverTrustRoot: config.get<string>('serverTrustRoot'),
serverTrustRoots: config.get<Array<string>>('serverTrustRoots'),
stripePublishableKey: config.get<string>('stripePublishableKey'),
genericServerPublicParams: config.get<string>('genericServerPublicParams'),
backupServerPublicParams: config.get<string>('backupServerPublicParams'),


@ -24,7 +24,10 @@
"buildExpiration": 0,
"certificateAuthority": "-----BEGIN CERTIFICATE-----\nMIIF2zCCA8OgAwIBAgIUAMHz4g60cIDBpPr1gyZ/JDaaPpcwDQYJKoZIhvcNAQEL\nBQAwdTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcT\nDU1vdW50YWluIFZpZXcxHjAcBgNVBAoTFVNpZ25hbCBNZXNzZW5nZXIsIExMQzEZ\nMBcGA1UEAxMQU2lnbmFsIE1lc3NlbmdlcjAeFw0yMjAxMjYwMDQ1NTFaFw0zMjAx\nMjQwMDQ1NTBaMHUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYw\nFAYDVQQHEw1Nb3VudGFpbiBWaWV3MR4wHAYDVQQKExVTaWduYWwgTWVzc2VuZ2Vy\nLCBMTEMxGTAXBgNVBAMTEFNpZ25hbCBNZXNzZW5nZXIwggIiMA0GCSqGSIb3DQEB\nAQUAA4ICDwAwggIKAoICAQDEecifxMHHlDhxbERVdErOhGsLO08PUdNkATjZ1kT5\n1uPf5JPiRbus9F4J/GgBQ4ANSAjIDZuFY0WOvG/i0qvxthpW70ocp8IjkiWTNiA8\n1zQNQdCiWbGDU4B1sLi2o4JgJMweSkQFiyDynqWgHpw+KmvytCzRWnvrrptIfE4G\nPxNOsAtXFbVH++8JO42IaKRVlbfpe/lUHbjiYmIpQroZPGPY4Oql8KM3o39ObPnT\no1WoM4moyOOZpU3lV1awftvWBx1sbTBL02sQWfHRxgNVF+Pj0fdDMMFdFJobArrL\nVfK2Ua+dYN4pV5XIxzVarSRW73CXqQ+2qloPW/ynpa3gRtYeGWV4jl7eD0PmeHpK\nOY78idP4H1jfAv0TAVeKpuB5ZFZ2szcySxrQa8d7FIf0kNJe9gIRjbQ+XrvnN+ZZ\nvj6d+8uBJq8LfQaFhlVfI0/aIdggScapR7w8oLpvdflUWqcTLeXVNLVrg15cEDwd\nlV8PVscT/KT0bfNzKI80qBq8LyRmauAqP0CDjayYGb2UAabnhefgmRY6aBE5mXxd\nbyAEzzCS3vDxjeTD8v8nbDq+SD6lJi0i7jgwEfNDhe9XK50baK15Udc8Cr/ZlhGM\njNmWqBd0jIpaZm1rzWA0k4VwXtDwpBXSz8oBFshiXs3FD6jHY2IhOR3ppbyd4qRU\npwIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV\nHQ4EFgQUtfNLxuXWS9DlgGuMUMNnW7yx83EwHwYDVR0jBBgwFoAUtfNLxuXWS9Dl\ngGuMUMNnW7yx83EwDQYJKoZIhvcNAQELBQADggIBABUeiryS0qjykBN75aoHO9bV\nPrrX+DSJIB9V2YzkFVyh/io65QJMG8naWVGOSpVRwUwhZVKh3JVp/miPgzTGAo7z\nhrDIoXc+ih7orAMb19qol/2Ha8OZLa75LojJNRbZoCR5C+gM8C+spMLjFf9k3JVx\ndajhtRUcR0zYhwsBS7qZ5Me0d6gRXD0ZiSbadMMxSw6KfKk3ePmPb9gX+MRTS63c\n8mLzVYB/3fe/bkpq4RUwzUHvoZf+SUD7NzSQRQQMfvAHlxk11TVNxScYPtxXDyiy\n3Cssl9gWrrWqQ/omuHipoH62J7h8KAYbr6oEIq+Czuenc3eCIBGBBfvCpuFOgckA\nXXE4MlBasEU0MO66GrTCgMt9bAmSw3TrRP12+ZUFxYNtqWluRU8JWQ4FCCPcz9pg\nMRBOgn4lTxDZG+I47OKNuSRjFEP94cdgxd3H/5BK7WHUz1tAGQ4BgepSXgmjzifF\nT5FVTDTl3ZnWUVBXiHYtbOBgLiSIkbqGMCLtrBtFIeQ7RRTb3L+IE9R0UB0cJB3A\nXbf1lVkOcmrdu2h8A32aCwtr5S1fBF1u
nlG7imPmqJfpOMWa8yIF/KWVm29JAPq8\nLrsybb0z5gg8w7ZblEuB9zOW9M3l60DXuJO6l7g+deV6P96rv2unHS8UlvWiVWDy\n9qfgAJizyy3kqM4lOwBH\n-----END CERTIFICATE-----\n",
"serverPublicParams": "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",
"serverTrustRoot": "BbqY1DzohE4NUZoVF+L18oUPrK3kILllLEJh2UnPSsEx",
"serverTrustRoots": [
"BbqY1DzohE4NUZoVF+L18oUPrK3kILllLEJh2UnPSsEx",
"BYhU6tPjqP46KGZEzRs1OL4U39V5dlPJ/X09ha4rErkm"
],
"genericServerPublicParams": "AHILOIrFPXX9laLbalbA9+L1CXpSbM/bTJXZGZiuyK1JaI6dK5FHHWL6tWxmHKYAZTSYmElmJ5z2A5YcirjO/yfoemE03FItyaf8W1fE4p14hzb5qnrmfXUSiAIVrhaXVwIwSzH6RL/+EO8jFIjJ/YfExfJ8aBl48CKHgu1+A6kWynhttonvWWx6h7924mIzW0Czj2ROuh4LwQyZypex4GuOPW8sgIT21KNZaafgg+KbV7XM1x1tF3XA17B4uGUaDbDw2O+nR1+U5p6qHPzmJ7ggFjSN6Utu+35dS1sS0P9N",
"backupServerPublicParams": "AHYrGb9IfugAAJiPKp+mdXUx+OL9zBolPYHYQz6GI1gWjpEu5me3zVNSvmYY4zWboZHif+HG1sDHSuvwFd0QszSwuSF4X4kRP3fJREdTZ5MCR0n55zUppTwfHRW2S4sdQ0JGz7YDQIJCufYSKh0pGNEHL6hv79Agrdnr4momr3oXdnkpVBIp3HWAQ6IbXQVSG18X36GaicI1vdT0UFmTwU2KTneluC2eyL9c5ff8PcmiS+YcLzh0OKYQXB5ZfQ06d6DiINvDQLy75zcfUOniLAj0lGJiHxGczin/RXisKSR8",
"stripePublishableKey": "pk_test_sngOd8FnXNkpce9nPXawKrJD00kIDngZkD"


@ -12,7 +12,10 @@
"challengeUrl": "https://signalcaptchas.org/challenge/generate.html",
"registrationChallengeUrl": "https://signalcaptchas.org/registration/generate.html",
"serverPublicParams": "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",
"serverTrustRoot": "BXu6QIKVz5MA8gstzfOgRQGqyLqOwNKHL6INkv3IHWMF",
"serverTrustRoots": [
"BXu6QIKVz5MA8gstzfOgRQGqyLqOwNKHL6INkv3IHWMF",
"BUkY0I+9+oPgDCn4+Ac6Iu813yvqkDr/ga8DzLxFxuk6"
],
"genericServerPublicParams": "AByD873dTilmOSG0TjKrvpeaKEsUmIO8Vx9BeMmftwUs9v7ikPwM8P3OHyT0+X3EUMZrSe9VUp26Wai51Q9I8mdk0hX/yo7CeFGJyzoOqn8e/i4Ygbn5HoAyXJx5eXfIbqpc0bIxzju4H/HOQeOpt6h742qii5u/cbwOhFZCsMIbElZTaeU+BWMBQiZHIGHT5IE0qCordQKZ5iPZom0HeFa8Yq0ShuEyAl0WINBiY6xE3H/9WnvzXBbMuuk//eRxXgzO8ieCeK8FwQNxbfXqZm6Ro1cMhCOF3u7xoX83QhpN",
"backupServerPublicParams": "AJwNSU55fsFCbgaxGRD11wO1juAs8Yr5GF8FPlGzzvdJJIKH5/4CC7ZJSOe3yL2vturVaRU2Cx0n751Vt8wkj1bozK3CBV1UokxV09GWf+hdVImLGjXGYLLhnI1J2TWEe7iWHyb553EEnRb5oxr9n3lUbNAJuRmFM7hrr0Al0F0wrDD4S8lo2mGaXe0MJCOM166F8oYRQqpFeEHfiLnxA1O8ZLh7vMdv4g9jI5phpRBTsJ5IjiJrWeP0zdIGHEssUeprDZ9OUJ14m0v61eYJMKsf59Bn+mAT2a7YfB+Don9O",
"stripePublishableKey": "pk_live_6cmGZopuTsV8novGgJJW9JpC00vLIgtQ1D",


@ -130,7 +130,7 @@
"@react-aria/utils": "3.25.3",
"@react-spring/web": "9.7.5",
"@react-types/shared": "3.27.0",
"@signalapp/libsignal-client": "0.80.0",
"@signalapp/libsignal-client": "0.80.3",
"@signalapp/minimask": "1.0.1",
"@signalapp/quill-cjs": "2.1.2",
"@signalapp/ringrtc": "2.57.1",
@ -236,7 +236,7 @@
"@indutny/parallel-prettier": "3.0.0",
"@indutny/rezip-electron": "2.0.1",
"@napi-rs/canvas": "0.1.61",
"@signalapp/mock-server": "13.3.0",
"@signalapp/mock-server": "14.0.0",
"@storybook/addon-a11y": "8.4.4",
"@storybook/addon-actions": "8.4.4",
"@storybook/addon-controls": "8.4.4",

20
pnpm-lock.yaml generated

@ -126,8 +126,8 @@ importers:
specifier: 3.27.0
version: 3.27.0(react@18.3.1)
'@signalapp/libsignal-client':
specifier: 0.80.0
version: 0.80.0
specifier: 0.80.3
version: 0.80.3
'@signalapp/minimask':
specifier: 1.0.1
version: 1.0.1
@ -439,8 +439,8 @@ importers:
specifier: 0.1.61
version: 0.1.61
'@signalapp/mock-server':
specifier: 13.3.0
version: 13.3.0(bufferutil@4.0.9)(utf-8-validate@5.0.10)
specifier: 14.0.0
version: 14.0.0(bufferutil@4.0.9)(utf-8-validate@5.0.10)
'@storybook/addon-a11y':
specifier: 8.4.4
version: 8.4.4(storybook@8.4.4(bufferutil@4.0.9)(prettier@3.3.3)(utf-8-validate@5.0.10))
@ -3296,14 +3296,14 @@ packages:
'@signalapp/libsignal-client@0.76.7':
resolution: {integrity: sha512-iGWTlFkko7IKlm96Iy91Wz5sIN089nj02ifOk6BWtLzeVi0kFaNj+jK26Sl1JRXy/VfXevcYtiOivOg43BPqpg==}
'@signalapp/libsignal-client@0.80.0':
resolution: {integrity: sha512-cOFORDUUSdQFjQ8RDA8niC1UIoFRi7+Dd8ZNizGcJ2Q16D9RhKU9yZ0/VIef+mWu/iJcPovoC3GCvw0nE881vw==}
'@signalapp/libsignal-client@0.80.3':
resolution: {integrity: sha512-d1c5WcFTkR+EU1BPhYiqH91RWp5A+UbD+mIZaK2Zm8t+6xAg2mUPXk3eCeVaBgqF+S2KfWED+GISIj9Ziqk/oA==}
'@signalapp/minimask@1.0.1':
resolution: {integrity: sha512-QAwo0joA60urTNbW9RIz6vLKQjy+jdVtH7cvY0wD9PVooD46MAjE40MLssp4xUJrph91n2XvtJ3pbEUDrmT2AA==}
'@signalapp/mock-server@13.3.0':
resolution: {integrity: sha512-qWLI+J0hptzKC3Xm9FWWqFMvJ+jpLLPRq+Y6gdbprfA/DMHcNK53T8A54onbEyqJHnxdPoyqxtH4wcsiS1HglQ==}
'@signalapp/mock-server@14.0.0':
resolution: {integrity: sha512-zoycqL/z2ysge+4S2Sp3/KPfMqBCDDzGAnAQA7K6Yakel8opsQzjEPcXIR0c0hNrn3vHlZ+MoDiXRmavEpSzOQ==}
'@signalapp/parchment-cjs@3.0.1':
resolution: {integrity: sha512-hSBMQ1M7wE4GcC8ZeNtvpJF+DAJg3eIRRf1SiHS3I3Algav/sgJJNm6HIYm6muHuK7IJmuEjkL3ILSXgmu0RfQ==}
@ -13943,7 +13943,7 @@ snapshots:
type-fest: 4.26.1
uuid: 11.0.2
'@signalapp/libsignal-client@0.80.0':
'@signalapp/libsignal-client@0.80.3':
dependencies:
node-gyp-build: 4.8.4
type-fest: 4.26.1
@ -13951,7 +13951,7 @@ snapshots:
'@signalapp/minimask@1.0.1': {}
'@signalapp/mock-server@13.3.0(bufferutil@4.0.9)(utf-8-validate@5.0.10)':
'@signalapp/mock-server@14.0.0(bufferutil@4.0.9)(utf-8-validate@5.0.10)':
dependencies:
'@indutny/parallel-prettier': 3.0.0(prettier@3.3.3)
'@signalapp/libsignal-client': 0.76.7


@ -566,7 +566,7 @@ export async function startApp(): Promise<void> {
log.info('Initializing MessageReceiver');
messageReceiver = new MessageReceiver({
storage: window.storage,
serverTrustRoot: window.getServerTrustRoot(),
serverTrustRoots: window.getServerTrustRoots(),
});
window.ConversationController.registerDelayBeforeUpdatingRedux(() => {
if (backupsService.isImportRunning()) {


@ -44,7 +44,7 @@ describe('MessageReceiver', () => {
const messageReceiver = new MessageReceiver({
storage: window.storage,
serverTrustRoot: toBase64(fakeTrustRootPublicKey),
serverTrustRoots: [toBase64(fakeTrustRootPublicKey)],
});
const body = Proto.Envelope.encode({
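Review bot: The updated setup still passes a single-element list, `serverTrustRoots: [toBase64(fakeTrustRootPublicKey)]`, so nothing visible in this hunk exercises the behaviour the commit introduces, which is acceptance against more than one root. If this suite reaches sealed sender certificate validation, two extra cases would pin the new contract: one where the signing root is the second entry of the list and the message is still accepted, and one where the signing root is absent from the list and validation fails. The `describe` block starts and ends outside the hunk, so existing coverage elsewhere in the file cannot be ruled out from here.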

View file

@ -233,7 +233,7 @@ enum TaskType {
export type MessageReceiverOptions = {
storage: Storage;
serverTrustRoot: string;
serverTrustRoots: Array<string>;
};
const TASK_WITH_TIMEOUT_OPTIONS = {
@ -314,22 +314,22 @@ export default class MessageReceiver
#encryptedQueue: PQueue;
#decryptedQueue: PQueue;
#retryCachedTimeout: NodeJS.Timeout | undefined;
#serverTrustRoot: PublicKey;
#serverTrustRoots: Array<PublicKey>;
#stoppingProcessing?: boolean;
#pniIdentityKeyCheckRequired?: boolean;
constructor({ storage, serverTrustRoot }: MessageReceiverOptions) {
constructor({ storage, serverTrustRoots }: MessageReceiverOptions) {
super();
this.#storage = storage;
this.#processedCount = 0;
if (!serverTrustRoot) {
if (serverTrustRoots.length === 0) {
throw new Error('Server trust root is required!');
}
this.#serverTrustRoot = PublicKey.deserialize(
Bytes.fromBase64(serverTrustRoot)
this.#serverTrustRoots = serverTrustRoots.map(key =>
PublicKey.deserialize(Bytes.fromBase64(key))
);
this.#incomingQueue = new PQueue({
@ -1632,7 +1632,12 @@ export default class MessageReceiver
);
}
if (!certificate.validate(this.#serverTrustRoot, serverTimestamp)) {
if (
!certificate.validateWithTrustRoots(
this.#serverTrustRoots,
serverTimestamp
)
) {
throw new Error(`${logId}: Sealed sender certificate validation failed`);
}
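Review bot: In the constructor, the new guard `serverTrustRoots.length === 0` throws a TypeError instead of 'Server trust root is required!' when the value is undefined at runtime, a case the old `!serverTrustRoot` check handled. The type rules that out, but the value comes from config through `window.getServerTrustRoots()`, so `if (!serverTrustRoots?.length) {` would keep the intended error for both the missing and the empty case. At the validation call, a one-line comment such as `// Accepted if the certificate validates against any configured root (current or future key)` would record the rotation semantics; that reading is inferred from the method name and should be confirmed against libsignal. The class body starts and ends outside these hunks.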


@ -64,7 +64,7 @@ export const rendererConfigSchema = z.object({
reducedMotionSetting: z.boolean(),
registrationChallengeUrl: configRequiredStringSchema,
serverPublicParams: configRequiredStringSchema,
serverTrustRoot: configRequiredStringSchema,
serverTrustRoots: z.array(configRequiredStringSchema),
genericServerPublicParams: configRequiredStringSchema,
backupServerPublicParams: configRequiredStringSchema,
serverUrl: configRequiredStringSchema,
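Review bot: `z.array(configRequiredStringSchema)` accepts an empty list, so a config carrying `"serverTrustRoots": []` passes schema validation and is only rejected later, when the MessageReceiver constructor throws during startup. Since the trust roots anchor sealed sender certificate validation, it is cleaner to fail at config parse: `serverTrustRoots: z.array(configRequiredStringSchema).min(1),`. The schema object continues outside the hunk.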

2
ts/window.d.ts vendored

@ -236,7 +236,7 @@ declare global {
Signal: SignalCoreType;
getServerTrustRoot: () => string;
getServerTrustRoots: () => Array<string>;
logAuthenticatedConnect?: () => void;
// ========================================================================


@ -91,7 +91,7 @@ window.getVersion = () => config.version;
window.getBuildCreation = () => parseIntWithFallback(config.buildCreation, 0);
window.getBuildExpiration = () => config.buildExpiration;
window.getHostName = () => config.hostname;
window.getServerTrustRoot = () => config.serverTrustRoot;
window.getServerTrustRoots = () => config.serverTrustRoots;
window.getServerPublicParams = () => config.serverPublicParams;
window.getGenericServerPublicParams = () => config.genericServerPublicParams;
window.getBackupServerPublicParams = () => config.backupServerPublicParams;