- prekeys
- SessionCipher
- LokiCipher
- endSession and the reset Session logic
- what we called Sessionprotocol manager (to keep track of sessions with everyone)
now we do as follows:
• Generate 16 bytes of random data
• Add 16 bytes of zeros
• Use the 16 bytes of random + 16 bytes of zeros to generate an ED25519 key pair
• Convert the ED25519 key pair to an X25519 key pair
All of this is happening with libsodium called over IPC.
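The derivation described above, as an added example in pure Python; it is not the project's code, which calls libsodium over IPC. It follows the listed steps (16 random bytes + 16 zero bytes as the Ed25519 seed, SHA-512 and clamping per RFC 8032, then the standard Ed25519-to-X25519 map u = (1+y)/(1-y) that libsodium's pk_to_curve25519 uses); the function names and the use of os.urandom as the random source are choices made here.

```python
import hashlib
import os

P = 2**255 - 19                                 # field prime of Curve25519
D = (-121665 * pow(121666, P - 2, P)) % P       # twisted Edwards d
BY = (4 * pow(5, P - 2, P)) % P                  # base point y = 4/5

def _inv(x):
    return pow(x, P - 2, P)

def _recover_x(y, sign):
    """Recover x from y and the sign bit (RFC 8032, 5.1.3)."""
    xx = (y * y - 1) * _inv(D * y * y + 1) % P
    x = pow(xx, (P + 3) // 8, P)
    if (x * x - xx) % P:
        x = x * pow(2, (P - 1) // 4, P) % P
    return P - x if (x & 1) != sign else x

BX = _recover_x(BY, 0)

def _add(p1, p2):
    """Affine twisted Edwards addition with a = -1."""
    (x1, y1), (x2, y2) = p1, p2
    k = D * x1 * x2 * y1 * y2
    return ((x1 * y2 + x2 * y1) * _inv(1 + k) % P,
            (y1 * y2 + x1 * x2) * _inv(1 - k) % P)

def _mul(s, pt):
    q = (0, 1)                                  # neutral element
    while s:
        if s & 1:
            q = _add(q, pt)
        pt, s = _add(pt, pt), s >> 1
    return q

def session_seed():
    """Step 1 and 2: 16 random bytes followed by 16 zero bytes (128 bits of entropy)."""
    return os.urandom(16) + bytes(16)

def derive_session_keys(seed):
    """Steps 3 and 4: Ed25519 keypair from the 32-byte seed, then X25519 from it."""
    h = bytearray(hashlib.sha512(seed).digest()[:32])
    h[0] &= 248; h[31] &= 63; h[31] |= 64      # clamp the scalar
    x, y = _mul(int.from_bytes(h, "little"), (BX, BY))
    ed_pk = (y | ((x & 1) << 255)).to_bytes(32, "little")
    u = (1 + y) * _inv(1 - y) % P               # Edwards y -> Montgomery u
    # libsodium's sk_to_curve25519 returns the same clamped SHA-512 half
    return {"ed25519_pk": ed_pk,
            "x25519_pk": u.to_bytes(32, "little"),
            "x25519_sk": bytes(h)}
```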
to reproduce before this fix:
- start link process of second device to first desktop device
- quit or refresh the second device window without updating any fields
- quit or refresh (a second time) the second device window without updating any fields
- the second device window is now considered logged in (as a new device, not linked with the first one)
This forces a full reset of the registration state when the registration components are loaded, which are loaded only if the registration is not done as required.
This is the reason that seeds across desktop and mobile devices would never restore to the same keypair. This function was there from the initial messenger days and with further discussion with Maxim, we deemed calling this function an unnecessary step for generating a keypair. There are no security implications for this change as we generate keypairs the exact same way as Signal does.
The biggest downside to this change, however, is that if you try to restore a desktop device with a seed from before this change, that seed will generate a completely different key pair and thus a different session ID.
This will only affect users who plan to restore any device from the seed of a desktop device before this change.