From 29dc87353562a45a3f7d724cae8f7ae1025a02cc Mon Sep 17 00:00:00 2001
From: AsamK
Date: Thu, 18 Sep 2025 19:33:02 +0200
Subject: [PATCH] Add new unidentified sender trust root
---
 .../java/org/asamk/signal/manager/config/LiveConfig.java | 9 ++++++---
 .../signal/manager/config/ServiceEnvironmentConfig.java | 2 +-
 .../org/asamk/signal/manager/config/StagingConfig.java | 9 ++++++---
 .../signal/manager/internal/SignalDependencies.java | 2 +-
 4 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/lib/src/main/java/org/asamk/signal/manager/config/LiveConfig.java b/lib/src/main/java/org/asamk/signal/manager/config/LiveConfig.java
index f5fdfa2e..f62ef206 100644
--- a/lib/src/main/java/org/asamk/signal/manager/config/LiveConfig.java
+++ b/lib/src/main/java/org/asamk/signal/manager/config/LiveConfig.java
@@ -27,6 +27,8 @@ class LiveConfig {
 private static final byte[] UNIDENTIFIED_SENDER_TRUST_ROOT = Base64.getDecoder()
 .decode("BXu6QIKVz5MA8gstzfOgRQGqyLqOwNKHL6INkv3IHWMF");
+ private static final byte[] UNIDENTIFIED_SENDER_TRUST_ROOT2 = Base64.getDecoder()
+ .decode("BUkY0I+9+oPgDCn4+Ac6Iu813yvqkDr/ga8DzLxFxuk6");
 private static final String CDSI_MRENCLAVE = "0f6fd79cdfdaa5b2e6337f534d3baf999318b0c462a7ac1f41297a3e4b424a57";
 private static final String SVR2_MRENCLAVE_LEGACY = "093be9ea32405e85ae28dbb48eb668aebeb7dbe29517b9b86ad4bec4dfe0e6a6";
 private static final String SVR2_MRENCLAVE = "29cd63c87bea751e3bfd0fbd401279192e2e5c99948b4ee9437eafc4968355fb";
@@ -77,9 +79,10 @@ class LiveConfig {
 false);
 }
- static ECPublicKey getUnidentifiedSenderTrustRoot() {
+ static List getUnidentifiedSenderTrustRoots() {
 try {
- return new ECPublicKey(UNIDENTIFIED_SENDER_TRUST_ROOT);
+ return List.of(new ECPublicKey(UNIDENTIFIED_SENDER_TRUST_ROOT),
+ new ECPublicKey(UNIDENTIFIED_SENDER_TRUST_ROOT2));
 } catch (InvalidKeyException e) {
 throw new AssertionError(e);
 }
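Review bot: The added `UNIDENTIFIED_SENDER_TRUST_ROOT2` constant in LiveConfig has no comment saying where the key value was taken from or why a second root exists, so a reviewer cannot check the pinned bytes against their source; the matching constant added to StagingConfig has the same gap. Every entry returned by `getUnidentifiedSenderTrustRoots()` ends up in the list handed to `CertificateValidator` in SignalDependencies, so, as far as this patch shows, each one becomes a key that sender certificates are checked against. I would add a comment above each constant along the lines of `// Second unidentified-sender trust root, copied from <upstream source / commit>; drop UNIDENTIFIED_SENDER_TRUST_ROOT once upstream retires it.` A name that says what distinguishes the key (for example a suffix for the rotation it belongs to) would also age better than `ROOT2`.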
@@ -89,7 +92,7 @@ class LiveConfig {
 return new ServiceEnvironmentConfig(LIVE,
 LIBSIGNAL_NET_ENV,
 createDefaultServiceConfiguration(interceptors),
- getUnidentifiedSenderTrustRoot(),
+ getUnidentifiedSenderTrustRoots(),
 CDSI_MRENCLAVE,
 List.of(SVR2_MRENCLAVE, SVR2_MRENCLAVE_LEGACY));
 }
diff --git a/lib/src/main/java/org/asamk/signal/manager/config/ServiceEnvironmentConfig.java b/lib/src/main/java/org/asamk/signal/manager/config/ServiceEnvironmentConfig.java
index 8f9f8ce3..b8265191 100644
--- a/lib/src/main/java/org/asamk/signal/manager/config/ServiceEnvironmentConfig.java
+++ b/lib/src/main/java/org/asamk/signal/manager/config/ServiceEnvironmentConfig.java
@@ -11,7 +11,7 @@ public record ServiceEnvironmentConfig(
 ServiceEnvironment type,
 Network.Environment netEnvironment,
 SignalServiceConfiguration signalServiceConfiguration,
- ECPublicKey unidentifiedSenderTrustRoot,
+ List unidentifiedSenderTrustRoots,
 String cdsiMrenclave,
 List svr2Mrenclaves
 ) {}
diff --git a/lib/src/main/java/org/asamk/signal/manager/config/StagingConfig.java b/lib/src/main/java/org/asamk/signal/manager/config/StagingConfig.java
index 190759ce..7b2fda75 100644
--- a/lib/src/main/java/org/asamk/signal/manager/config/StagingConfig.java
+++ b/lib/src/main/java/org/asamk/signal/manager/config/StagingConfig.java
@@ -27,6 +27,8 @@ class StagingConfig {
 private static final byte[] UNIDENTIFIED_SENDER_TRUST_ROOT = Base64.getDecoder()
 .decode("BbqY1DzohE4NUZoVF+L18oUPrK3kILllLEJh2UnPSsEx");
+ private static final byte[] UNIDENTIFIED_SENDER_TRUST_ROOT2 = Base64.getDecoder()
+ .decode("BYhU6tPjqP46KGZEzRs1OL4U39V5dlPJ/X09ha4rErkm");
 private static final String CDSI_MRENCLAVE = "0f6fd79cdfdaa5b2e6337f534d3baf999318b0c462a7ac1f41297a3e4b424a57";
 private static final String SVR2_MRENCLAVE_LEGACY = "2e8cefe6e3f389d8426adb24e9b7fb7adf10902c96f06f7bbcee36277711ed91";
 private static final String SVR2_MRENCLAVE = "a75542d82da9f6914a1e31f8a7407053b99cc99a0e7291d8fbd394253e19b036";
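Review bot: In the ServiceEnvironmentConfig hunk the record keeps its empty body `) {}` while `unidentifiedSenderTrustRoots` becomes a list, so the record stores whatever list instance the caller passes and accepts an empty one without complaint. The two callers visible in this patch pass `List.of(...)`, which is already unmodifiable, but the record is public and this list is the set of keys sender certificates are validated against, so it should not be changeable after construction. A compact constructor would pin it: `public ServiceEnvironmentConfig { unidentifiedSenderTrustRoots = List.copyOf(unidentifiedSenderTrustRoots); }`, with an `isEmpty()` check that throws `IllegalArgumentException` placed before the copy. How `CertificateValidator` behaves with an empty list is not visible here, which is one more reason to reject it at this boundary.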
@@ -77,9 +79,10 @@ class StagingConfig {
 false);
 }
- static ECPublicKey getUnidentifiedSenderTrustRoot() {
+ static List getUnidentifiedSenderTrustRoots() {
 try {
- return new ECPublicKey(UNIDENTIFIED_SENDER_TRUST_ROOT);
+ return List.of(new ECPublicKey(UNIDENTIFIED_SENDER_TRUST_ROOT),
+ new ECPublicKey(UNIDENTIFIED_SENDER_TRUST_ROOT2));
 } catch (InvalidKeyException e) {
 throw new AssertionError(e);
 }
@@ -89,7 +92,7 @@ class StagingConfig {
 return new ServiceEnvironmentConfig(STAGING,
 LIBSIGNAL_NET_ENV,
 createDefaultServiceConfiguration(interceptors),
- getUnidentifiedSenderTrustRoot(),
+ getUnidentifiedSenderTrustRoots(),
 CDSI_MRENCLAVE,
 List.of(SVR2_MRENCLAVE, SVR2_MRENCLAVE_LEGACY));
 }
diff --git a/lib/src/main/java/org/asamk/signal/manager/internal/SignalDependencies.java b/lib/src/main/java/org/asamk/signal/manager/internal/SignalDependencies.java
index 222751e4..c2cfebcf 100644
--- a/lib/src/main/java/org/asamk/signal/manager/internal/SignalDependencies.java
+++ b/lib/src/main/java/org/asamk/signal/manager/internal/SignalDependencies.java
@@ -356,7 +356,7 @@ public class SignalDependencies {
 }
 public SignalServiceCipher getCipher(ServiceIdType serviceIdType) {
- final var certificateValidator = new CertificateValidator(serviceEnvironmentConfig.unidentifiedSenderTrustRoot());
+ final var certificateValidator = new CertificateValidator(serviceEnvironmentConfig.unidentifiedSenderTrustRoots());
 final var address = new SignalServiceAddress(credentialsProvider.getAci(), credentialsProvider.getE164());
 final var deviceId = credentialsProvider.getDeviceId();
 return new SignalServiceCipher(address,