From 2bf385fe384b1144e741bda45893d713b41c7094 Mon Sep 17 00:00:00 2001
From: Nicholas <nicholas@signal.org>
Date: Tue, 5 Sep 2023 15:35:41 -0400
Subject: [PATCH] Upgrade libsignal to 0.32.0

---
 dependencies.gradle                           |  2 +-
 gradle/verification-metadata.xml              | 36 ++++++-------------
 .../api/crypto/EnvelopeContent.java           |  9 ++---
 .../api/crypto/SignalServiceCipher.java       | 22 +++++++-----
 .../api/crypto/SignalSessionCipher.java       |  2 +-
 5 files changed, 30 insertions(+), 41 deletions(-)

diff --git a/dependencies.gradle b/dependencies.gradle
index 8aff7495ff..2d924e8944 100644
--- a/dependencies.gradle
+++ b/dependencies.gradle
@@ -15,7 +15,7 @@ dependencyResolutionManagement {
             version('exoplayer', '2.19.0')
             version('glide', '4.15.1')
             version('kotlin', '1.8.10')
-            version('libsignal-client', '0.31.0')
+            version('libsignal-client', '0.32.0')
             version('mp4parser', '1.9.39')
             version('android-gradle-plugin', '8.0.2')
             version('accompanist', '0.28.0')
diff --git a/gradle/verification-metadata.xml b/gradle/verification-metadata.xml
index 68044589a9..e4737354b2 100644
--- a/gradle/verification-metadata.xml
+++ b/gradle/verification-metadata.xml
@@ -5249,36 +5249,20 @@ https://docs.gradle.org/current/userguide/dependency_verification.html
             <sha256 value="6eb4422e8a618b3b76cb2096a3619d251f9e27989dc68307a1e5414c3710f2d1" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="org.signal" name="libsignal-android" version="0.30.0">
-         <artifact name="libsignal-android-0.30.0.aar">
-            <sha256 value="213bbe44b9fb82aa07a2a7dff76c52cc8f20c21652f4e48e2b9592ea10fd9858" origin="Generated by Gradle"/>
+      <component group="org.signal" name="libsignal-android" version="0.32.0">
+         <artifact name="libsignal-android-0.32.0.aar">
+            <sha256 value="35f042d6b69750e875aa0fe89310aab9dea6ea59c55c49e22cdecd015e82b01b" origin="Generated by Gradle"/>
          </artifact>
-         <artifact name="libsignal-android-0.30.0.module">
-            <sha256 value="9e91e6702832b6f08535e836c7f14d927c08b407fb0be771bc15959a120e0d29" origin="Generated by Gradle"/>
+         <artifact name="libsignal-android-0.32.0.module">
+            <sha256 value="a41851712342885abf15acc0ac811e89e5b0101468e088d348b1e9a3ed6bb644" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="org.signal" name="libsignal-android" version="0.31.0">
-         <artifact name="libsignal-android-0.31.0.aar">
-            <sha256 value="772277a754e25cdd5b105bbb11508f2b9f7d1da9a44efcce909ac452eadad12e" origin="Generated by Gradle"/>
+      <component group="org.signal" name="libsignal-client" version="0.32.0">
+         <artifact name="libsignal-client-0.32.0.jar">
+            <sha256 value="e2fbf91dd897e4e568ab4ad4411ed8a4b680e6fb449a7438ef0ceaa92c7f465b" origin="Generated by Gradle"/>
          </artifact>
-         <artifact name="libsignal-android-0.31.0.module">
-            <sha256 value="c624cbfe126297950ade8b31adb5b1f4a35767d7ab7c51345f2868eb54bc12c3" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
-      <component group="org.signal" name="libsignal-client" version="0.30.0">
-         <artifact name="libsignal-client-0.30.0.jar">
-            <sha256 value="12366d110077890bc5a559928b3b967a00493ea60658d8e67a7d5d42729507b1" origin="Generated by Gradle"/>
-         </artifact>
-         <artifact name="libsignal-client-0.30.0.module">
-            <sha256 value="6392d6b1fa1823d45f2ebfa5c5619fe96c3393826e66e5d7127efe2b5844e0fb" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
-      <component group="org.signal" name="libsignal-client" version="0.31.0">
-         <artifact name="libsignal-client-0.31.0.jar">
-            <sha256 value="b3c4778d7001c75314985e8860dcb44e8542ce1ef66493b7115c4ca82543ec13" origin="Generated by Gradle"/>
-         </artifact>
-         <artifact name="libsignal-client-0.31.0.module">
-            <sha256 value="8349788029cfb63acb5a1999b60cba9c40c0101d959159f055c7baded228bde6" origin="Generated by Gradle"/>
+         <artifact name="libsignal-client-0.32.0.module">
+            <sha256 value="d96f4ed38e88199a6442a9c4789291a6f0df48a18c35ce464b2fa049f692dc56" origin="Generated by Gradle"/>
          </artifact>
       </component>
       <component group="org.signal" name="ringrtc-android" version="2.31.2">
diff --git a/libsignal/service/src/main/java/org/whispersystems/signalservice/api/crypto/EnvelopeContent.java b/libsignal/service/src/main/java/org/whispersystems/signalservice/api/crypto/EnvelopeContent.java
index ef95b2cc96..af84564696 100644
--- a/libsignal/service/src/main/java/org/whispersystems/signalservice/api/crypto/EnvelopeContent.java
+++ b/libsignal/service/src/main/java/org/whispersystems/signalservice/api/crypto/EnvelopeContent.java
@@ -3,6 +3,7 @@ package org.whispersystems.signalservice.api.crypto;
 import org.signal.libsignal.metadata.certificate.SenderCertificate;
 import org.signal.libsignal.metadata.protocol.UnidentifiedSenderMessageContent;
 import org.signal.libsignal.protocol.InvalidKeyException;
+import org.signal.libsignal.protocol.NoSessionException;
 import org.signal.libsignal.protocol.SignalProtocolAddress;
 import org.signal.libsignal.protocol.UntrustedIdentityException;
 import org.signal.libsignal.protocol.message.CiphertextMessage;
@@ -28,12 +29,12 @@ public interface EnvelopeContent {
                                           SignalSealedSessionCipher sealedSessionCipher,
                                           SignalProtocolAddress destination,
                                           SenderCertificate senderCertificate)
-      throws UntrustedIdentityException, InvalidKeyException;
+      throws UntrustedIdentityException, InvalidKeyException, NoSessionException;
 
   /**
    * Processes the content using unsealed sender.
    */
-  OutgoingPushMessage processUnsealedSender(SignalSessionCipher sessionCipher, SignalProtocolAddress destination) throws UntrustedIdentityException;
+  OutgoingPushMessage processUnsealedSender(SignalSessionCipher sessionCipher, SignalProtocolAddress destination) throws UntrustedIdentityException, NoSessionException;
 
   /**
    * An estimated size, in bytes.
@@ -77,7 +78,7 @@ public interface EnvelopeContent {
                                                    SignalSealedSessionCipher sealedSessionCipher,
                                                    SignalProtocolAddress destination,
                                                    SenderCertificate senderCertificate)
-        throws UntrustedIdentityException, InvalidKeyException
+        throws UntrustedIdentityException, InvalidKeyException, NoSessionException
     {
       PushTransportDetails             transportDetails = new PushTransportDetails();
       CiphertextMessage                message          = sessionCipher.encrypt(transportDetails.getPaddedMessageBody(content.toByteArray()));
@@ -94,7 +95,7 @@ public interface EnvelopeContent {
     }
 
     @Override
-    public OutgoingPushMessage processUnsealedSender(SignalSessionCipher sessionCipher, SignalProtocolAddress destination) throws UntrustedIdentityException {
+    public OutgoingPushMessage processUnsealedSender(SignalSessionCipher sessionCipher, SignalProtocolAddress destination) throws UntrustedIdentityException, NoSessionException {
       PushTransportDetails transportDetails     = new PushTransportDetails();
       CiphertextMessage    message              = sessionCipher.encrypt(transportDetails.getPaddedMessageBody(content.toByteArray()));
       int                  remoteRegistrationId = sessionCipher.getRemoteRegistrationId();
diff --git a/libsignal/service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalServiceCipher.java b/libsignal/service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalServiceCipher.java
index 5080028c52..c91434c0b0 100644
--- a/libsignal/service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalServiceCipher.java
+++ b/libsignal/service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalServiceCipher.java
@@ -29,6 +29,7 @@ import org.signal.libsignal.protocol.InvalidKeyException;
 import org.signal.libsignal.protocol.InvalidKeyIdException;
 import org.signal.libsignal.protocol.InvalidMessageException;
 import org.signal.libsignal.protocol.InvalidRegistrationIdException;
+import org.signal.libsignal.protocol.InvalidSessionException;
 import org.signal.libsignal.protocol.InvalidVersionException;
 import org.signal.libsignal.protocol.LegacyMessageException;
 import org.signal.libsignal.protocol.NoSessionException;
@@ -106,20 +107,23 @@ public class SignalServiceCipher {
     return sessionCipher.multiRecipientEncrypt(destinations, messageContent);
   }
 
-  public OutgoingPushMessage encrypt(SignalProtocolAddress        destination,
+  public OutgoingPushMessage encrypt(SignalProtocolAddress destination,
                                      Optional<UnidentifiedAccess> unidentifiedAccess,
-                                     EnvelopeContent              content)
+                                     EnvelopeContent content)
       throws UntrustedIdentityException, InvalidKeyException
   {
-    if (unidentifiedAccess.isPresent()) {
-      SignalSessionCipher       sessionCipher        = new SignalSessionCipher(sessionLock, new SessionCipher(signalProtocolStore, destination));
-      SignalSealedSessionCipher sealedSessionCipher  = new SignalSealedSessionCipher(sessionLock, new SealedSessionCipher(signalProtocolStore, localAddress.getServiceId().getRawUuid(), localAddress.getNumber().orElse(null), localDeviceId));
-
-      return content.processSealedSender(sessionCipher, sealedSessionCipher, destination, unidentifiedAccess.get().getUnidentifiedCertificate());
-    } else {
+    try {
       SignalSessionCipher sessionCipher = new SignalSessionCipher(sessionLock, new SessionCipher(signalProtocolStore, destination));
+      if (unidentifiedAccess.isPresent()) {
+        SignalSealedSessionCipher sealedSessionCipher = new SignalSealedSessionCipher(sessionLock, new SealedSessionCipher(signalProtocolStore, localAddress.getServiceId().getRawUuid(), localAddress.getNumber()
+                                                                                                                                                                                                      .orElse(null), localDeviceId));
 
-      return content.processUnsealedSender(sessionCipher, destination);
+        return content.processSealedSender(sessionCipher, sealedSessionCipher, destination, unidentifiedAccess.get().getUnidentifiedCertificate());
+      } else {
+        return content.processUnsealedSender(sessionCipher, destination);
+      }
+    } catch (NoSessionException e) {
+      throw new InvalidSessionException("Session not found.");
     }
   }
 
diff --git a/libsignal/service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSessionCipher.java b/libsignal/service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSessionCipher.java
index f75844bd09..201302a266 100644
--- a/libsignal/service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSessionCipher.java
+++ b/libsignal/service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSessionCipher.java
@@ -27,7 +27,7 @@ public class SignalSessionCipher {
     this.cipher = cipher;
   }
 
-  public CiphertextMessage encrypt(byte[] paddedMessage) throws org.signal.libsignal.protocol.UntrustedIdentityException {
+  public CiphertextMessage encrypt(byte[] paddedMessage) throws org.signal.libsignal.protocol.UntrustedIdentityException, NoSessionException {
     try (SignalSessionLock.Lock unused = lock.acquire()) {
       return cipher.encrypt(paddedMessage);
     }