Commit Graph

32 Commits

Author SHA1 Message Date
Rolfe Schmidt
81afdfe2fa MAC sender ID 2026-04-01 11:22:54 -06:00
Rolfe Schmidt
98794de745 1:1 decryption takes local address 2026-03-27 16:45:07 -06:00
gram-signal
533d11dd7c Remove usePqRatchet from client-facing code, defaulting to always use. 2025-10-02 11:32:36 -07:00
Jordan Rose
2879220e93 Require Kyber keys/ciphertexts throughout all XDH APIs 2025-06-13 16:06:07 -07:00
Alex Bakon
3157a9be55 Fix device ID construction in cross-version tests 2025-06-13 17:24:01 -04:00
Alex Bakon
02b786b07e Limit device ID to the range 1-127
This is already required for sealed sender messages and enforced by the server.
2025-06-13 14:18:16 -04:00
gram-signal
b7b8040e3a Integrate post-quantum ratchet SPQR.
This PR integrates a post-quantum ratchet (SPQR) into libsignal, using an API that maintains its own internal chain and provides per-message keys.  In doing so, it also aims to be fully backwards-compatible with current clients and stored session state.

## Backwards compatibility with current clients

Remote clients that connect to us or that we connect to may not have this integration.  If they don't, their SignalMessage wire format should still deserialize, and in doing so we'll receive an empty pq_ratchet field.  SPQR handles this internally, by downgrading the protocol version to "version 0" or "don't do anything".  Note that should we eventually want to disallow this, we can do so via increasing the `min_version` field passed into the SPQR init functions to V1.  This is also the method by which we would upgrade SPQR from v1 to a future v2, etc.

## Opt-in

The publicly facing API calls for this now expose an explicit opt-in via a passed-in `use_pq_ratchet` bool (and associated enums in language-specific APIs).  If false, they default to SPQR `v0`, i.e. none.  If true, they try to set up SPQR on new sessions, but will downgrade if the remote party cannot or will not do the same.
2025-06-04 11:18:12 -07:00
Alex Bakon
13b2b8aff4 Take RNG as a parameter when generating kyber keys 2025-04-29 10:54:21 -04:00
Alex Bakon
aeb2f2a561 Bump rand dependency to 0.9 2025-04-24 13:12:56 -04:00
Alex Konradi
a54e6b5b33 Format with group_imports=StdExternalCrate 2024-08-28 14:52:47 -04:00
Alex Konradi
09bffd5ab4 Use a named type for protocol timestamp 2024-04-30 16:33:11 -04:00
moiseev-signal
0ae3eb3c14 protocol: Clean up pending Kyber pre-keys from sessions 2023-11-17 14:46:03 -08:00
Jordan Rose
08df716540 protocol: Coalesce duplicate recipients in SSv2 parsing
There should be no reason for a client to split up devices of the same
recipient in a non-contiguous manner, but since we'd have to check it
anyway, we might as well accept it. (Duplicating devices within a
recipient can then be checked separately.)
2023-11-07 12:19:14 -08:00
Jordan Rose
5c841ef281 Add proper parse logic for the SSv2 SentMessage format
This isn't hooked up to anything that the fan_out test method wasn't,
but it will come in handy for future testing.
2023-10-20 10:16:51 -07:00
akonradi-signal
ef542e3b9f Bump rust compiler version to nightly 2023-09-01 2023-09-12 14:27:08 -04:00
Jordan Rose
024c618f20 protocol: Throw SessionNotFound for an expired unacknowledged session
For the most part this should happen transparently without any
explicit adoption, like the previous change, but for Java code the
NoSessionException is now properly declared on SessionCipher.encrypt.
(This was always technically possible, but clients were expected to
have previously checked for session validity before using
SessionCipher; now that there's an expiration involved, that's not
strictly possible.)
2023-08-22 17:00:35 -07:00
Jordan Rose
008fad966e protocol: Rip "Context" out of the Rust layer
Only the iOS client ever used this extra parameter, and it's one
that's easily stored alongside the reference to a store. This is
massively simpler than having it threaded down to the Rust
libsignal_protocol and back up through the bridging layer.
2023-07-27 15:40:44 -07:00
moiseev-signal
28e112bac1 Add PQXDH tests 2023-05-23 16:14:44 -07:00
Rolfe Schmidt
ff09619432 Add Kyber KEM and implement PQXDH protocol
Co-authored-by: Jordan Rose <jrose@signal.org>
Co-authored-by: Max Moiseev <moiseev@signal.org>
2023-05-09 16:44:40 -07:00
Danny McClanahan
c8b81c9585 [#476] set imports granularity 2022-07-20 13:10:43 -07:00
Danny McClanahan
ec3c2d32bc [#289] introduce wrapper structs for DeviceId, SignedPreKeyId, and PreKeyId 2022-07-20 13:10:43 -07:00
Jordan Rose
b5da2eac9d Update Rust to nightly-2022-06-22 2022-06-24 10:56:48 -07:00
Nora Trapp
81ffe0af51 Update toolchain to nightly-2021-06-08 2021-06-09 14:04:22 -07:00
Jack Lloyd
14060ae168 Remove all uses of unwrap from library source 2021-03-03 12:04:24 -05:00
Jordan Rose
21875d82f4 Fix or mark-as-allowed Clippy lints in tests
And tweak the GitHub Clippy enforcement so this doesn't regress.
2021-02-22 09:46:25 -08:00
Jordan Rose
6633761939 Drop the "-rust" from the "libsignal-protocol" crate
The project corresponds to libsignal-protocol-java and the others, but
/within/ the language we don't need to tag with the language name.
2021-02-04 10:26:36 -08:00
Jack Lloyd
25cfaab480 Update tests for new PreKeyBundle::new signature 2021-01-28 17:20:42 -05:00
Jack Lloyd
f87c41b0d1 Avoid returning SessionState from the ratchet initializer functions
These still need to be exposed for the Java tests but they only
need to see the SessionRecord not the SessionState.

The internal functions still need to return a SessionState due to how
these functions are used within the crate.
2020-12-10 08:32:47 -05:00
Jordan Rose
33b8c6ad8d Run cargo fmt after async changes 2020-11-03 14:35:38 -08:00
Jordan Rose
90a9f76dc6 Thread 'async' through any protocol APIs that take Stores
In preparation for Desktop, which must asynchronously access its
database (rather than putting the entire operation on a background
thread with synchronization at the database layer).

The FFI and JNI wrappers (as well as the tests) use
futures::executor::block_on to turn the operations back into
synchronous ones.
2020-11-03 14:35:38 -08:00
Jack Lloyd
946e0670f6 Switch to AGPL 3.0 2020-11-02 17:53:10 -05:00
Jack Lloyd
a0a4ffb40f Move libsignal-protocol-rust to rust/protocol 2020-10-15 15:41:20 -04:00