Update to libsignal 0.60.2
Co-authored-by: trevor-signal <131492920+trevor-signal@users.noreply.github.com>
This commit is contained in:
parent
32d1581da1
commit
4dde3df4d3
6 changed files with 32 additions and 58 deletions
|
@ -4300,7 +4300,7 @@ For more information on this, and how to apply and follow the GNU AGPL, see
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## libsignal-account-keys 0.1.0, attest 0.1.0, libsignal-ffi 0.60.1, libsignal-jni 0.60.1, libsignal-jni-testing 0.60.1, libsignal-node 0.60.1, signal-neon-futures 0.1.0, signal-neon-futures-tests 0.1.0, libsignal-bridge 0.1.0, libsignal-bridge-macros 0.1.0, libsignal-bridge-testing 0.1.0, libsignal-bridge-types 0.1.0, libsignal-core 0.1.0, signal-crypto 0.1.0, device-transfer 0.1.0, libsignal-keytrans 0.0.1, signal-media 0.1.0, libsignal-message-backup 0.1.0, libsignal-message-backup-macros 0.1.0, libsignal-net 0.1.0, libsignal-net-infra 0.1.0, poksho 0.7.0, libsignal-protocol 0.1.0, libsignal-svr3 0.1.0, usernames 0.1.0, zkcredential 0.1.0, zkgroup 0.9.0
|
## libsignal-account-keys 0.1.0, attest 0.1.0, libsignal-ffi 0.60.2, libsignal-jni 0.60.2, libsignal-jni-testing 0.60.2, libsignal-node 0.60.2, signal-neon-futures 0.1.0, signal-neon-futures-tests 0.1.0, libsignal-bridge 0.1.0, libsignal-bridge-macros 0.1.0, libsignal-bridge-testing 0.1.0, libsignal-bridge-types 0.1.0, libsignal-core 0.1.0, signal-crypto 0.1.0, device-transfer 0.1.0, libsignal-keytrans 0.0.1, signal-media 0.1.0, libsignal-message-backup 0.1.0, libsignal-message-backup-macros 0.1.0, libsignal-net 0.1.0, libsignal-net-infra 0.1.0, poksho 0.7.0, libsignal-protocol 0.1.0, libsignal-svr3 0.1.0, usernames 0.1.0, zkcredential 0.1.0, zkgroup 0.9.0
|
||||||
|
|
||||||
```
|
```
|
||||||
GNU AFFERO GENERAL PUBLIC LICENSE
|
GNU AFFERO GENERAL PUBLIC LICENSE
|
||||||
|
|
8
package-lock.json
generated
8
package-lock.json
generated
|
@ -22,7 +22,7 @@
|
||||||
"@react-aria/utils": "3.16.0",
|
"@react-aria/utils": "3.16.0",
|
||||||
"@react-spring/web": "9.5.5",
|
"@react-spring/web": "9.5.5",
|
||||||
"@signalapp/better-sqlite3": "9.0.8",
|
"@signalapp/better-sqlite3": "9.0.8",
|
||||||
"@signalapp/libsignal-client": "0.60.1",
|
"@signalapp/libsignal-client": "0.60.2",
|
||||||
"@signalapp/ringrtc": "2.48.4",
|
"@signalapp/ringrtc": "2.48.4",
|
||||||
"@types/fabric": "4.5.3",
|
"@types/fabric": "4.5.3",
|
||||||
"backbone": "1.4.0",
|
"backbone": "1.4.0",
|
||||||
|
@ -7274,9 +7274,9 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"node_modules/@signalapp/libsignal-client": {
|
"node_modules/@signalapp/libsignal-client": {
|
||||||
"version": "0.60.1",
|
"version": "0.60.2",
|
||||||
"resolved": "https://registry.npmjs.org/@signalapp/libsignal-client/-/libsignal-client-0.60.1.tgz",
|
"resolved": "https://registry.npmjs.org/@signalapp/libsignal-client/-/libsignal-client-0.60.2.tgz",
|
||||||
"integrity": "sha512-euLw0lFVyqSFeA/hYwr0RHDIsFKNVPTYDMr9JT1hG4oflYdzeesgPxqsJNDMio4esQGUSKcXxtw2gjsl+Qczfg==",
|
"integrity": "sha512-tU4kNP/yCwkFntb2ahXOSQJtzdy+YifAB2yv5hw0qyKSidRHLn6bYiz4Zo2tjxLDRoBLAUxCRsQramStiqNZdA==",
|
||||||
"hasInstallScript": true,
|
"hasInstallScript": true,
|
||||||
"license": "AGPL-3.0-only",
|
"license": "AGPL-3.0-only",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
|
|
|
@ -108,7 +108,7 @@
|
||||||
"@react-aria/utils": "3.16.0",
|
"@react-aria/utils": "3.16.0",
|
||||||
"@react-spring/web": "9.5.5",
|
"@react-spring/web": "9.5.5",
|
||||||
"@signalapp/better-sqlite3": "9.0.8",
|
"@signalapp/better-sqlite3": "9.0.8",
|
||||||
"@signalapp/libsignal-client": "0.60.1",
|
"@signalapp/libsignal-client": "0.60.2",
|
||||||
"@signalapp/ringrtc": "2.48.4",
|
"@signalapp/ringrtc": "2.48.4",
|
||||||
"@types/fabric": "4.5.3",
|
"@types/fabric": "4.5.3",
|
||||||
"backbone": "1.4.0",
|
"backbone": "1.4.0",
|
||||||
|
|
46
ts/Crypto.ts
46
ts/Crypto.ts
|
@ -155,52 +155,6 @@ export function decryptDeviceName(
|
||||||
return Bytes.toString(plaintext);
|
return Bytes.toString(plaintext);
|
||||||
}
|
}
|
||||||
|
|
||||||
const BACKUP_KEY_LEN = 32;
|
|
||||||
const BACKUP_MEDIA_THUMBNAIL_ENCRYPT_INFO =
|
|
||||||
'20241030_SIGNAL_BACKUPS_ENCRYPT_THUMBNAIL:';
|
|
||||||
const BACKUP_MEDIA_AES_KEY_LEN = 32;
|
|
||||||
const BACKUP_MEDIA_MAC_KEY_LEN = 32;
|
|
||||||
const BACKUP_MEDIA_IV_LEN = 16;
|
|
||||||
|
|
||||||
export type BackupMediaKeyMaterialType = Readonly<{
|
|
||||||
aesKey: Uint8Array;
|
|
||||||
macKey: Uint8Array;
|
|
||||||
}>;
|
|
||||||
|
|
||||||
export function deriveBackupMediaThumbnailInnerEncryptionKeyMaterial(
|
|
||||||
mediaRootKey: Uint8Array,
|
|
||||||
mediaId: Uint8Array
|
|
||||||
): BackupMediaKeyMaterialType {
|
|
||||||
if (mediaRootKey.byteLength !== BACKUP_KEY_LEN) {
|
|
||||||
throw new Error(
|
|
||||||
'deriveBackupMediaThumbnailKeyMaterial: invalid backup key length'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!mediaId.length) {
|
|
||||||
throw new Error('deriveBackupMediaThumbnailKeyMaterial: mediaId missing');
|
|
||||||
}
|
|
||||||
|
|
||||||
const hkdf = HKDF.new(3);
|
|
||||||
const material = hkdf.deriveSecrets(
|
|
||||||
BACKUP_MEDIA_MAC_KEY_LEN + BACKUP_MEDIA_AES_KEY_LEN + BACKUP_MEDIA_IV_LEN,
|
|
||||||
Buffer.from(mediaRootKey),
|
|
||||||
Buffer.concat([
|
|
||||||
Buffer.from(BACKUP_MEDIA_THUMBNAIL_ENCRYPT_INFO),
|
|
||||||
Buffer.from(mediaId),
|
|
||||||
]),
|
|
||||||
Buffer.alloc(0)
|
|
||||||
);
|
|
||||||
|
|
||||||
return {
|
|
||||||
aesKey: material.subarray(0, BACKUP_MEDIA_AES_KEY_LEN),
|
|
||||||
macKey: material.subarray(
|
|
||||||
BACKUP_MEDIA_AES_KEY_LEN,
|
|
||||||
BACKUP_MEDIA_AES_KEY_LEN + BACKUP_MEDIA_MAC_KEY_LEN
|
|
||||||
),
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
export function deriveMasterKey(accountEntropyPool: string): Uint8Array {
|
export function deriveMasterKey(accountEntropyPool: string): Uint8Array {
|
||||||
return AccountEntropyPool.deriveSvrKey(accountEntropyPool);
|
return AccountEntropyPool.deriveSvrKey(accountEntropyPool);
|
||||||
}
|
}
|
||||||
|
|
|
@ -25,10 +25,10 @@ import {
|
||||||
decryptAttachmentV2ToSink,
|
decryptAttachmentV2ToSink,
|
||||||
ReencryptedDigestMismatchError,
|
ReencryptedDigestMismatchError,
|
||||||
} from '../AttachmentCrypto';
|
} from '../AttachmentCrypto';
|
||||||
import { deriveBackupMediaThumbnailInnerEncryptionKeyMaterial } from '../Crypto';
|
|
||||||
import {
|
import {
|
||||||
getBackupMediaRootKey,
|
getBackupMediaRootKey,
|
||||||
deriveBackupMediaKeyMaterial,
|
deriveBackupMediaKeyMaterial,
|
||||||
|
deriveBackupThumbnailTransitKeyMaterial,
|
||||||
} from '../services/backups/crypto';
|
} from '../services/backups/crypto';
|
||||||
import {
|
import {
|
||||||
type AttachmentBackupJobType,
|
type AttachmentBackupJobType,
|
||||||
|
@ -432,9 +432,8 @@ async function backupThumbnailAttachment(
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
const { aesKey, macKey } =
|
const { aesKey, macKey } = deriveBackupThumbnailTransitKeyMaterial(
|
||||||
deriveBackupMediaThumbnailInnerEncryptionKeyMaterial(
|
getBackupMediaRootKey(),
|
||||||
getBackupMediaRootKey().serialize(),
|
|
||||||
mediaId.bytes
|
mediaId.bytes
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
|
@ -104,3 +104,24 @@ export function deriveBackupMediaKeyMaterial(
|
||||||
),
|
),
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export function deriveBackupThumbnailTransitKeyMaterial(
|
||||||
|
mediaRootKey: BackupKey,
|
||||||
|
mediaId: Uint8Array
|
||||||
|
): BackupMediaKeyMaterialType {
|
||||||
|
if (!mediaId.length) {
|
||||||
|
throw new Error('deriveBackupThumbnailTransitKeyMaterial: mediaId missing');
|
||||||
|
}
|
||||||
|
|
||||||
|
const material = mediaRootKey.deriveThumbnailTransitEncryptionKey(
|
||||||
|
Buffer.from(mediaId)
|
||||||
|
);
|
||||||
|
|
||||||
|
return {
|
||||||
|
macKey: material.subarray(0, BACKUP_MEDIA_MAC_KEY_LEN),
|
||||||
|
aesKey: material.subarray(
|
||||||
|
BACKUP_MEDIA_MAC_KEY_LEN,
|
||||||
|
BACKUP_MEDIA_MAC_KEY_LEN + BACKUP_MEDIA_AES_KEY_LEN
|
||||||
|
),
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue