Signal-Android/app/src/main/java/org/thoughtcrime/securesms/keyvalue/KbsValues.java

package org.thoughtcrime.securesms.keyvalue;

import androidx.annotation.NonNull;
import androidx.annotation.Nullable;

import org.thoughtcrime.securesms.lock.PinHashing;
import org.thoughtcrime.securesms.util.JsonUtils;
import org.whispersystems.signalservice.api.KbsPinData;
import org.whispersystems.signalservice.api.kbs.MasterKey;
import org.whispersystems.signalservice.internal.contacts.entities.TokenResponse;

import java.io.IOException;
import java.security.SecureRandom;

public final class KbsValues extends SignalStoreValues {

  public  static final String V2_LOCK_ENABLED              = "kbs.v2_lock_enabled";
  private static final String MASTER_KEY                   = "kbs.registration_lock_master_key";
  private static final String TOKEN_RESPONSE               = "kbs.token_response";
  private static final String PIN                          = "kbs.pin";
  private static final String LOCK_LOCAL_PIN_HASH          = "kbs.registration_lock_local_pin_hash";
  private static final String LAST_CREATE_FAILED_TIMESTAMP = "kbs.last_create_failed_timestamp";
  public  static final String OPTED_OUT                    = "kbs.opted_out";

  KbsValues(KeyValueStore store) {
    super(store);
  }

  @Override
  void onFirstEverAppLaunch() {
  }

  /**
   * Deliberately does not clear the {@link #MASTER_KEY}.
   *
   * Should only be called by {@link org.thoughtcrime.securesms.pin.PinState}
   */
  public void clearRegistrationLockAndPin() {
    getStore().beginWrite()
              .remove(V2_LOCK_ENABLED)
              .remove(TOKEN_RESPONSE)
              .remove(LOCK_LOCAL_PIN_HASH)
              .remove(PIN)
              .remove(LAST_CREATE_FAILED_TIMESTAMP)
              .remove(OPTED_OUT)
              .commit();
  }

  /** Should only be set by {@link org.thoughtcrime.securesms.pin.PinState}. */
  public synchronized void setKbsMasterKey(@NonNull KbsPinData pinData, @NonNull String pin) {
    MasterKey masterKey     = pinData.getMasterKey();
    String    tokenResponse;
    try {
      tokenResponse = JsonUtils.toJson(pinData.getTokenResponse());
    } catch (IOException e) {
      throw new AssertionError(e);
    }

    getStore().beginWrite()
              .putString(TOKEN_RESPONSE, tokenResponse)
              .putBlob(MASTER_KEY, masterKey.serialize())
              .putString(LOCK_LOCAL_PIN_HASH, PinHashing.localPinHash(pin))
              .putString(PIN, pin)
              .putLong(LAST_CREATE_FAILED_TIMESTAMP, -1)
              .putBoolean(OPTED_OUT, false)
              .commit();
  }

  synchronized void setPinIfNotPresent(@NonNull String pin) {
    if (getStore().getString(PIN, null) == null) {
      getStore().beginWrite().putString(PIN, pin).commit();
    }
  }

  /** Should only be set by {@link org.thoughtcrime.securesms.pin.PinState}. */
  public synchronized void setV2RegistrationLockEnabled(boolean enabled) {
    putBoolean(V2_LOCK_ENABLED, enabled);
  }

  /**
   * Whether or not registration lock V2 is enabled.
   */
  public synchronized boolean isV2RegistrationLockEnabled() {
    return getBoolean(V2_LOCK_ENABLED, false);
  }

  /** Should only be set by {@link org.thoughtcrime.securesms.pin.PinState}. */
  public synchronized void onPinCreateFailure() {
    putLong(LAST_CREATE_FAILED_TIMESTAMP, System.currentTimeMillis());
  }

  /**
   * Whether or not the last time the user attempted to create a PIN, it failed.
   */
  public synchronized boolean lastPinCreateFailed() {
    return getLong(LAST_CREATE_FAILED_TIMESTAMP, -1) > 0;
  }

  /**
   * Finds or creates the master key. Therefore this will always return a master key whether backed
   * up or not.
   * <p>
   * If you only want a key when it's backed up, use {@link #getPinBackedMasterKey()}.
   */
  public synchronized @NonNull MasterKey getOrCreateMasterKey() {
    byte[] blob = getStore().getBlob(MASTER_KEY, null);

    if (blob == null) {
      getStore().beginWrite()
                .putBlob(MASTER_KEY, MasterKey.createNew(new SecureRandom()).serialize())
                .commit();
      blob = getBlob(MASTER_KEY, null);
    }

    return new MasterKey(blob);
  }

  /**
   * Returns null if master key is not backed up by a pin.
   */
  public synchronized @Nullable MasterKey getPinBackedMasterKey() {
    if (!isV2RegistrationLockEnabled()) return null;
    return getMasterKey();
  }

  private synchronized @Nullable MasterKey getMasterKey() {
    byte[] blob = getBlob(MASTER_KEY, null);
    return blob != null ? new MasterKey(blob) : null;
  }

  public @Nullable String getRegistrationLockToken() {
    MasterKey masterKey = getPinBackedMasterKey();
    if (masterKey == null) {
      return null;
    } else {
      return masterKey.deriveRegistrationLock();
    }
  }

  public synchronized @Nullable String getLocalPinHash() {
    return getString(LOCK_LOCAL_PIN_HASH, null);
  }

  public synchronized boolean hasPin() {
    return getLocalPinHash() != null;
  }

  /** Should only be called by {@link org.thoughtcrime.securesms.pin.PinState}. */
  public synchronized void optOut() {
    getStore().beginWrite()
              .putBoolean(OPTED_OUT, true)
              .remove(TOKEN_RESPONSE)
              .putBlob(MASTER_KEY, MasterKey.createNew(new SecureRandom()).serialize())
              .remove(LOCK_LOCAL_PIN_HASH)
              .remove(PIN)
              .putLong(LAST_CREATE_FAILED_TIMESTAMP, -1)
              .commit();
  }

  public synchronized boolean hasOptedOut() {
    return getBoolean(OPTED_OUT, false);
  }

  public synchronized @Nullable TokenResponse getRegistrationLockTokenResponse() {
    String token = getStore().getString(TOKEN_RESPONSE, null);

    if (token == null) return null;

    try {
      return JsonUtils.fromJson(token, TokenResponse.class);
    } catch (IOException e) {
      throw new AssertionError(e);
    }
  }
}
Use SignalStore for KBS Values. 2020-01-17 17:14:54 +01:00			`package org.thoughtcrime.securesms.keyvalue;`

Replace pinstretcher with Argon2 and new PIN encryption. 2020-01-22 21:02:06 +01:00			`import androidx.annotation.NonNull;`
Use SignalStore for KBS Values. 2020-01-17 17:14:54 +01:00			`import androidx.annotation.Nullable;`

Improve local encrypted PIN storage. 2020-05-30 00:16:38 +02:00			`import org.thoughtcrime.securesms.lock.PinHashing;`
Use SignalStore for KBS Values. 2020-01-17 17:14:54 +01:00			`import org.thoughtcrime.securesms.util.JsonUtils;`
Separate PINs from Registration Lock. You can now have a PIN without having registration lock. Note: We still need to change the registration flow to allow non-reglock users to enter their PIN. 2020-04-02 23:09:25 +02:00			`import org.whispersystems.signalservice.api.KbsPinData;`
Hmac-SIV encryption/decryption. 2020-01-17 19:31:30 +01:00			`import org.whispersystems.signalservice.api.kbs.MasterKey;`
Use SignalStore for KBS Values. 2020-01-17 17:14:54 +01:00			`import org.whispersystems.signalservice.internal.contacts.entities.TokenResponse;`

			`import java.io.IOException;`
Replace pinstretcher with Argon2 and new PIN encryption. 2020-01-22 21:02:06 +01:00			`import java.security.SecureRandom;`
Use SignalStore for KBS Values. 2020-01-17 17:14:54 +01:00
Light refactor of SignalStore. 2020-06-11 00:24:27 +02:00			`public final class KbsValues extends SignalStoreValues {`
Use SignalStore for KBS Values. 2020-01-17 17:14:54 +01:00
Handle PIN creation failure better. 2020-05-09 18:02:18 +02:00			`public static final String V2_LOCK_ENABLED = "kbs.v2_lock_enabled";`
			`private static final String MASTER_KEY = "kbs.registration_lock_master_key";`
			`private static final String TOKEN_RESPONSE = "kbs.token_response";`
Improve local encrypted PIN storage. 2020-05-30 00:16:38 +02:00			`private static final String PIN = "kbs.pin";`
Handle PIN creation failure better. 2020-05-09 18:02:18 +02:00			`private static final String LOCK_LOCAL_PIN_HASH = "kbs.registration_lock_local_pin_hash";`
			`private static final String LAST_CREATE_FAILED_TIMESTAMP = "kbs.last_create_failed_timestamp";`
Add the ability to opt out of PINs. 2020-07-10 01:04:30 +02:00			`public static final String OPTED_OUT = "kbs.opted_out";`
Use SignalStore for KBS Values. 2020-01-17 17:14:54 +01:00
			`KbsValues(KeyValueStore store) {`
Light refactor of SignalStore. 2020-06-11 00:24:27 +02:00			`super(store);`
			`}`

			`@Override`
			`void onFirstEverAppLaunch() {`
Use SignalStore for KBS Values. 2020-01-17 17:14:54 +01:00			`}`

Replace pinstretcher with Argon2 and new PIN encryption. 2020-01-22 21:02:06 +01:00			`/**`
			`* Deliberately does not clear the {@link #MASTER_KEY}.`
Update registration to allow PIN entry. 2020-04-07 19:19:53 +02:00			`*`
			`* Should only be called by {@link org.thoughtcrime.securesms.pin.PinState}`
Replace pinstretcher with Argon2 and new PIN encryption. 2020-01-22 21:02:06 +01:00			`*/`
Separate PINs from Registration Lock. You can now have a PIN without having registration lock. Note: We still need to change the registration flow to allow non-reglock users to enter their PIN. 2020-04-02 23:09:25 +02:00			`public void clearRegistrationLockAndPin() {`
Light refactor of SignalStore. 2020-06-11 00:24:27 +02:00			`getStore().beginWrite()`
			`.remove(V2_LOCK_ENABLED)`
			`.remove(TOKEN_RESPONSE)`
			`.remove(LOCK_LOCAL_PIN_HASH)`
			`.remove(PIN)`
			`.remove(LAST_CREATE_FAILED_TIMESTAMP)`
Add the ability to opt out of PINs. 2020-07-10 01:04:30 +02:00			`.remove(OPTED_OUT)`
Light refactor of SignalStore. 2020-06-11 00:24:27 +02:00			`.commit();`
Replace pinstretcher with Argon2 and new PIN encryption. 2020-01-22 21:02:06 +01:00			`}`
Use SignalStore for KBS Values. 2020-01-17 17:14:54 +01:00
Update registration to allow PIN entry. 2020-04-07 19:19:53 +02:00			`/** Should only be set by {@link org.thoughtcrime.securesms.pin.PinState}. */`
Improve local encrypted PIN storage. 2020-05-30 00:16:38 +02:00			`public synchronized void setKbsMasterKey(@NonNull KbsPinData pinData, @NonNull String pin) {`
Separate PINs from Registration Lock. You can now have a PIN without having registration lock. Note: We still need to change the registration flow to allow non-reglock users to enter their PIN. 2020-04-02 23:09:25 +02:00			`MasterKey masterKey = pinData.getMasterKey();`
Replace pinstretcher with Argon2 and new PIN encryption. 2020-01-22 21:02:06 +01:00			`String tokenResponse;`
			`try {`
Separate PINs from Registration Lock. You can now have a PIN without having registration lock. Note: We still need to change the registration flow to allow non-reglock users to enter their PIN. 2020-04-02 23:09:25 +02:00			`tokenResponse = JsonUtils.toJson(pinData.getTokenResponse());`
Replace pinstretcher with Argon2 and new PIN encryption. 2020-01-22 21:02:06 +01:00			`} catch (IOException e) {`
			`throw new AssertionError(e);`
Use SignalStore for KBS Values. 2020-01-17 17:14:54 +01:00			`}`

Light refactor of SignalStore. 2020-06-11 00:24:27 +02:00			`getStore().beginWrite()`
			`.putString(TOKEN_RESPONSE, tokenResponse)`
			`.putBlob(MASTER_KEY, masterKey.serialize())`
			`.putString(LOCK_LOCAL_PIN_HASH, PinHashing.localPinHash(pin))`
			`.putString(PIN, pin)`
			`.putLong(LAST_CREATE_FAILED_TIMESTAMP, -1)`
Update pin opt-out strings and behavior. 2020-07-11 00:06:51 +02:00			`.putBoolean(OPTED_OUT, false)`
Light refactor of SignalStore. 2020-06-11 00:24:27 +02:00			`.commit();`
Use SignalStore for KBS Values. 2020-01-17 17:14:54 +01:00			`}`

Improve local encrypted PIN storage. 2020-05-30 00:16:38 +02:00			`synchronized void setPinIfNotPresent(@NonNull String pin) {`
Light refactor of SignalStore. 2020-06-11 00:24:27 +02:00			`if (getStore().getString(PIN, null) == null) {`
			`getStore().beginWrite().putString(PIN, pin).commit();`
Improve local encrypted PIN storage. 2020-05-30 00:16:38 +02:00			`}`
			`}`

Update registration to allow PIN entry. 2020-04-07 19:19:53 +02:00			`/** Should only be set by {@link org.thoughtcrime.securesms.pin.PinState}. */`
Separate PINs from Registration Lock. You can now have a PIN without having registration lock. Note: We still need to change the registration flow to allow non-reglock users to enter their PIN. 2020-04-02 23:09:25 +02:00			`public synchronized void setV2RegistrationLockEnabled(boolean enabled) {`
Light refactor of SignalStore. 2020-06-11 00:24:27 +02:00			`putBoolean(V2_LOCK_ENABLED, enabled);`
Separate PINs from Registration Lock. You can now have a PIN without having registration lock. Note: We still need to change the registration flow to allow non-reglock users to enter their PIN. 2020-04-02 23:09:25 +02:00			`}`

Handle PIN creation failure better. 2020-05-09 18:02:18 +02:00			`/**`
			`* Whether or not registration lock V2 is enabled.`
			`*/`
Separate PINs from Registration Lock. You can now have a PIN without having registration lock. Note: We still need to change the registration flow to allow non-reglock users to enter their PIN. 2020-04-02 23:09:25 +02:00			`public synchronized boolean isV2RegistrationLockEnabled() {`
Light refactor of SignalStore. 2020-06-11 00:24:27 +02:00			`return getBoolean(V2_LOCK_ENABLED, false);`
Separate PINs from Registration Lock. You can now have a PIN without having registration lock. Note: We still need to change the registration flow to allow non-reglock users to enter their PIN. 2020-04-02 23:09:25 +02:00			`}`

Handle PIN creation failure better. 2020-05-09 18:02:18 +02:00			`/** Should only be set by {@link org.thoughtcrime.securesms.pin.PinState}. */`
			`public synchronized void onPinCreateFailure() {`
Light refactor of SignalStore. 2020-06-11 00:24:27 +02:00			`putLong(LAST_CREATE_FAILED_TIMESTAMP, System.currentTimeMillis());`
Handle PIN creation failure better. 2020-05-09 18:02:18 +02:00			`}`

			`/**`
			`* Whether or not the last time the user attempted to create a PIN, it failed.`
			`*/`
			`public synchronized boolean lastPinCreateFailed() {`
Light refactor of SignalStore. 2020-06-11 00:24:27 +02:00			`return getLong(LAST_CREATE_FAILED_TIMESTAMP, -1) > 0;`
Handle PIN creation failure better. 2020-05-09 18:02:18 +02:00			`}`

Replace pinstretcher with Argon2 and new PIN encryption. 2020-01-22 21:02:06 +01:00			`/**`
			`* Finds or creates the master key. Therefore this will always return a master key whether backed`
			`* up or not.`
			`* <p>`
			`* If you only want a key when it's backed up, use {@link #getPinBackedMasterKey()}.`
			`*/`
			`public synchronized @NonNull MasterKey getOrCreateMasterKey() {`
Light refactor of SignalStore. 2020-06-11 00:24:27 +02:00			`byte[] blob = getStore().getBlob(MASTER_KEY, null);`
Replace pinstretcher with Argon2 and new PIN encryption. 2020-01-22 21:02:06 +01:00
			`if (blob == null) {`
Light refactor of SignalStore. 2020-06-11 00:24:27 +02:00			`getStore().beginWrite()`
			`.putBlob(MASTER_KEY, MasterKey.createNew(new SecureRandom()).serialize())`
			`.commit();`
			`blob = getBlob(MASTER_KEY, null);`
Hmac-SIV encryption/decryption. 2020-01-17 19:31:30 +01:00			`}`
Replace pinstretcher with Argon2 and new PIN encryption. 2020-01-22 21:02:06 +01:00
			`return new MasterKey(blob);`
			`}`

			`/**`
			`* Returns null if master key is not backed up by a pin.`
			`*/`
			`public synchronized @Nullable MasterKey getPinBackedMasterKey() {`
			`if (!isV2RegistrationLockEnabled()) return null;`
			`return getMasterKey();`
			`}`

			`private synchronized @Nullable MasterKey getMasterKey() {`
Light refactor of SignalStore. 2020-06-11 00:24:27 +02:00			`byte[] blob = getBlob(MASTER_KEY, null);`
Replace pinstretcher with Argon2 and new PIN encryption. 2020-01-22 21:02:06 +01:00			`return blob != null ? new MasterKey(blob) : null;`
Use SignalStore for KBS Values. 2020-01-17 17:14:54 +01:00			`}`

			`public @Nullable String getRegistrationLockToken() {`
Replace pinstretcher with Argon2 and new PIN encryption. 2020-01-22 21:02:06 +01:00			`MasterKey masterKey = getPinBackedMasterKey();`
			`if (masterKey == null) {`
			`return null;`
			`} else {`
			`return masterKey.deriveRegistrationLock();`
			`}`
Use SignalStore for KBS Values. 2020-01-17 17:14:54 +01:00			`}`

Re-enable and clean up Signal PINs. - Require PINs during registration agian. - Change min length to 4. - Allow the full-screen megaphone to be enabled remotely. - Clean up and remove some code. 2020-04-02 01:55:18 +02:00			`public synchronized @Nullable String getLocalPinHash() {`
Light refactor of SignalStore. 2020-06-11 00:24:27 +02:00			`return getString(LOCK_LOCAL_PIN_HASH, null);`
Use SignalStore for KBS Values. 2020-01-17 17:14:54 +01:00			`}`

Separate PINs from Registration Lock. You can now have a PIN without having registration lock. Note: We still need to change the registration flow to allow non-reglock users to enter their PIN. 2020-04-02 23:09:25 +02:00			`public synchronized boolean hasPin() {`
			`return getLocalPinHash() != null;`
Use SignalStore for KBS Values. 2020-01-17 17:14:54 +01:00			`}`

Update pin opt-out strings and behavior. 2020-07-11 00:06:51 +02:00			`/** Should only be called by {@link org.thoughtcrime.securesms.pin.PinState}. */`
Add the ability to opt out of PINs. 2020-07-10 01:04:30 +02:00			`public synchronized void optOut() {`
			`getStore().beginWrite()`
Update pin opt-out strings and behavior. 2020-07-11 00:06:51 +02:00			`.putBoolean(OPTED_OUT, true)`
			`.remove(TOKEN_RESPONSE)`
			`.putBlob(MASTER_KEY, MasterKey.createNew(new SecureRandom()).serialize())`
			`.remove(LOCK_LOCAL_PIN_HASH)`
			`.remove(PIN)`
			`.putLong(LAST_CREATE_FAILED_TIMESTAMP, -1)`
			`.commit();`
Add the ability to opt out of PINs. 2020-07-10 01:04:30 +02:00			`}`

			`public synchronized boolean hasOptedOut() {`
			`return getBoolean(OPTED_OUT, false);`
			`}`

Re-enable and clean up Signal PINs. - Require PINs during registration agian. - Change min length to 4. - Allow the full-screen megaphone to be enabled remotely. - Clean up and remove some code. 2020-04-02 01:55:18 +02:00			`public synchronized @Nullable TokenResponse getRegistrationLockTokenResponse() {`
Light refactor of SignalStore. 2020-06-11 00:24:27 +02:00			`String token = getStore().getString(TOKEN_RESPONSE, null);`
Use SignalStore for KBS Values. 2020-01-17 17:14:54 +01:00
			`if (token == null) return null;`

			`try {`
			`return JsonUtils.fromJson(token, TokenResponse.class);`
			`} catch (IOException e) {`
			`throw new AssertionError(e);`
			`}`
			`}`
			`}`