Check structural validity of prekeys at upload time

service/src/main/java/org/whispersystems/textsecuregcm/entities/ChangeNumberRequest.java

@@ -18,6 +18,8 @@
 import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
 import org.whispersystems.textsecuregcm.util.ByteArrayAdapter;
+import org.whispersystems.textsecuregcm.util.ValidPreKey;
+import org.whispersystems.textsecuregcm.util.ValidPreKey.PreKeyType;
 
 public record ChangeNumberRequest(
     @Schema(description="""
@@ -49,15 +51,15 @@ Exactly one message must be supplied for each enabled device other than the send
     @Schema(description="""
         A new signed elliptic-curve prekey for each enabled device on the account, including this one.
         Each must be accompanied by a valid signature from the new identity key in this request.""")
-    @NotNull @Valid Map<Long, @NotNull @Valid SignedPreKey> devicePniSignedPrekeys,
+    @NotNull @Valid Map<Long, @NotNull @Valid @ValidPreKey(type=PreKeyType.ECC) SignedPreKey> devicePniSignedPrekeys,
 
     @Schema(description="""
         A new signed post-quantum last-resort prekey for each enabled device on the account, including this one.
         May be absent, in which case the last resort PQ prekeys for each device will be deleted if any had been stored.
         If present, must contain one prekey per enabled device including this one.
         Prekeys for devices that did not previously have any post-quantum prekeys stored will be silently dropped.
         Each must be accompanied by a valid signature from the new identity key in this request.""")
-    @Valid Map<Long, @NotNull @Valid SignedPreKey> devicePniPqLastResortPrekeys,
+    @Valid Map<Long, @NotNull @Valid @ValidPreKey(type=PreKeyType.KYBER) SignedPreKey> devicePniPqLastResortPrekeys,
 
     @Schema(description="the new phone-number-identity registration ID for each enabled device on the account, including this one")
     @NotNull Map<Long, Integer> pniRegistrationIds) implements PhoneVerificationRequest {

service/src/main/java/org/whispersystems/textsecuregcm/entities/ChangePhoneNumberRequest.java

@@ -18,6 +18,8 @@
 import javax.validation.Valid;
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotNull;
+import org.whispersystems.textsecuregcm.util.ValidPreKey;
+import org.whispersystems.textsecuregcm.util.ValidPreKey.PreKeyType;
 
 public record ChangePhoneNumberRequest(
     @Schema(description="the new phone number for this account")
@@ -42,15 +44,15 @@ Exactly one message must be supplied for each enabled device other than the send
     @Schema(description="""
         A new signed elliptic-curve prekey for each enabled device on the account, including this one.
         Each must be accompanied by a valid signature from the new identity key in this request.""")
-    @Nullable Map<Long, SignedPreKey> devicePniSignedPrekeys,
+    @Nullable Map<Long, @ValidPreKey(type=PreKeyType.ECC) SignedPreKey> devicePniSignedPrekeys,
 
     @Schema(description="""
         A new signed post-quantum last-resort prekey for each enabled device on the account, including this one.
         May be absent, in which case the last resort PQ prekeys for each device will be deleted if any had been stored.
         If present, must contain one prekey per enabled device including this one.
         Prekeys for devices that did not previously have any post-quantum prekeys stored will be silently dropped.
         Each must be accompanied by a valid signature from the new identity key in this request.""")
-    @Nullable @Valid Map<Long, @NotNull @Valid SignedPreKey> devicePniPqLastResortPrekeys,
+    @Nullable @Valid Map<Long, @NotNull @Valid @ValidPreKey(type=PreKeyType.KYBER) SignedPreKey> devicePniPqLastResortPrekeys,
 
     @Schema(description="the new phone-number-identity registration ID for each enabled device on the account, including this one")
     @Nullable Map<Long, Integer> pniRegistrationIds) {

service/src/main/java/org/whispersystems/textsecuregcm/entities/DeviceActivationRequest.java

@@ -3,35 +3,39 @@
 import io.swagger.v3.oas.annotations.media.Schema;
 
 import javax.validation.Valid;
+
+import org.whispersystems.textsecuregcm.util.ValidPreKey;
+import org.whispersystems.textsecuregcm.util.ValidPreKey.PreKeyType;
+
 import java.util.Optional;
 
 public record DeviceActivationRequest(@Schema(requiredMode = Schema.RequiredMode.NOT_REQUIRED, description = """
                                   A signed EC pre-key to be associated with this account's ACI. If provided, an account
                                   will be created "atomically," and all other properties needed for atomic account
                                   creation must also be present.
                                   """)
-                                Optional<@Valid SignedPreKey> aciSignedPreKey,
+                                Optional<@Valid @ValidPreKey(type=PreKeyType.ECC) SignedPreKey> aciSignedPreKey,
 
                                       @Schema(requiredMode = Schema.RequiredMode.NOT_REQUIRED, description = """
                                   A signed EC pre-key to be associated with this account's PNI. If provided, an account
                                   will be created "atomically," and all other properties needed for atomic account
                                   creation must also be present.
                                   """)
-                                Optional<@Valid SignedPreKey> pniSignedPreKey,
+                                Optional<@Valid @ValidPreKey(type=PreKeyType.ECC) SignedPreKey> pniSignedPreKey,
 
                                       @Schema(requiredMode = Schema.RequiredMode.NOT_REQUIRED, description = """
                                   A signed Kyber-1024 "last resort" pre-key to be associated with this account's ACI. If
                                   provided, an account will be created "atomically," and all other properties needed for
                                   atomic account creation must also be present.
                                   """)
-                                Optional<@Valid SignedPreKey> aciPqLastResortPreKey,
+                                Optional<@Valid @ValidPreKey(type=PreKeyType.ECC) SignedPreKey> aciPqLastResortPreKey,
 
                                       @Schema(requiredMode = Schema.RequiredMode.NOT_REQUIRED, description = """
                                   A signed Kyber-1024 "last resort" pre-key to be associated with this account's PNI. If
                                   provided, an account will be created "atomically," and all other properties needed for
                                   atomic account creation must also be present.
                                   """)
-                                Optional<@Valid SignedPreKey> pniPqLastResortPreKey,
+                                Optional<@Valid @ValidPreKey(type=PreKeyType.ECC) SignedPreKey> pniPqLastResortPreKey,
 
                                       @Schema(requiredMode = Schema.RequiredMode.NOT_REQUIRED, description = """
                                   An APNs token set for the account's primary device. If provided, the account's primary

service/src/main/java/org/whispersystems/textsecuregcm/entities/PhoneNumberIdentityKeyDistributionRequest.java

@@ -5,7 +5,6 @@
 
 package org.whispersystems.textsecuregcm.entities;
 
-import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import io.swagger.v3.oas.annotations.media.Schema;
 import java.util.ArrayList;
 import java.util.List;
@@ -15,7 +14,12 @@
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
+
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+
 import org.whispersystems.textsecuregcm.util.ByteArrayAdapter;
+import org.whispersystems.textsecuregcm.util.ValidPreKey;
+import org.whispersystems.textsecuregcm.util.ValidPreKey.PreKeyType;
 
 public record PhoneNumberIdentityKeyDistributionRequest(
     @NotEmpty
@@ -36,15 +40,15 @@ Exactly one message must be supplied for each enabled device other than the send
     @Schema(description="""
         A new signed elliptic-curve prekey for each enabled device on the account, including this one.
         Each must be accompanied by a valid signature from the new identity key in this request.""")
-    Map<Long, @NotNull @Valid SignedPreKey> devicePniSignedPrekeys,
+    Map<Long, @NotNull @Valid @ValidPreKey(type=PreKeyType.ECC) SignedPreKey> devicePniSignedPrekeys,
 
     @Schema(description="""
         A new signed post-quantum last-resort prekey for each enabled device on the account, including this one.
         May be absent, in which case the last resort PQ prekeys for each device will be deleted if any had been stored.
         If present, must contain one prekey per enabled device including this one.
         Prekeys for devices that did not previously have any post-quantum prekeys stored will be silently dropped.
         Each must be accompanied by a valid signature from the new identity key in this request.""")
-    @Valid Map<Long, @NotNull @Valid SignedPreKey> devicePniPqLastResortPrekeys,
+    @Valid Map<Long, @NotNull @Valid @ValidPreKey(type=PreKeyType.KYBER) SignedPreKey> devicePniPqLastResortPrekeys,
 
     @NotNull
     @Valid

service/src/main/java/org/whispersystems/textsecuregcm/entities/PreKeyState.java

@@ -16,6 +16,8 @@
 import javax.validation.constraints.AssertTrue;
 import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
+import org.whispersystems.textsecuregcm.util.ValidPreKey;
+import org.whispersystems.textsecuregcm.util.ValidPreKey.PreKeyType;
 
 public class PreKeyState {
 
@@ -24,10 +26,11 @@ public class PreKeyState {
   @Schema(description="A list of unsigned elliptic-curve prekeys to use for this device. " +
       "If present and not empty, replaces all stored unsigned EC prekeys for the device; " +
       "if absent or empty, any stored unsigned EC prekeys for the device are not deleted.")
-  private List<PreKey> preKeys;
+  private List<@ValidPreKey(type=PreKeyType.ECC) PreKey> preKeys;
 
   @JsonProperty
   @Valid
+  @ValidPreKey(type=PreKeyType.ECC)
   @Schema(description="An optional signed elliptic-curve prekey to use for this device. " +
       "If present, replaces the stored signed elliptic-curve prekey for the device; " +
       "if absent, the stored signed prekey is not deleted. " +
@@ -40,10 +43,11 @@ public class PreKeyState {
       "Each key must have a valid signature from the identity key in this request. " +
       "If present and not empty, replaces all stored unsigned PQ prekeys for the device; " +
       "if absent or empty, any stored unsigned PQ prekeys for the device are not deleted.")
-  private List<SignedPreKey> pqPreKeys;
+  private List<@ValidPreKey(type=PreKeyType.KYBER) SignedPreKey> pqPreKeys;
 
   @JsonProperty
   @Valid
+  @ValidPreKey(type=PreKeyType.KYBER)
   @Schema(description="An optional signed last-resort post-quantum prekey to use for this device. " +
       "If present, replaces the stored signed post-quantum last-resort prekey for the device; " +
       "if absent, a stored last-resort prekey will *not* be deleted. " +
@@ -110,4 +114,5 @@ public boolean isSignatureValidOnEachSignedKey() {
     }
     return spks.isEmpty() || PreKeySignatureValidator.validatePreKeySignatures(identityKey, spks);
   }
+
 }

service/src/main/java/org/whispersystems/textsecuregcm/entities/RegistrationRequest.java

@@ -14,6 +14,8 @@
 import io.swagger.v3.oas.annotations.media.Schema;
 import org.whispersystems.textsecuregcm.util.ByteArrayAdapter;
 import org.whispersystems.textsecuregcm.util.OptionalBase64ByteArrayDeserializer;
+import org.whispersystems.textsecuregcm.util.ValidPreKey;
+import org.whispersystems.textsecuregcm.util.ValidPreKey.PreKeyType;
 
 import javax.validation.Valid;
 import javax.validation.constraints.AssertTrue;
@@ -73,17 +75,17 @@ the calling device and the device associated with the existing account (if any).
   @JsonCreator
   @SuppressWarnings("OptionalUsedAsFieldOrParameterType")
   public RegistrationRequest(@JsonProperty("sessionId") String sessionId,
-                             @JsonProperty("recoveryPassword") byte[] recoveryPassword,
-                             @JsonProperty("accountAttributes") AccountAttributes accountAttributes,
-                             @JsonProperty("skipDeviceTransfer") boolean skipDeviceTransfer,
-                             @JsonProperty("aciIdentityKey") Optional<byte[]> aciIdentityKey,
-                             @JsonProperty("pniIdentityKey") Optional<byte[]> pniIdentityKey,
-                             @JsonProperty("aciSignedPreKey") Optional<@Valid SignedPreKey> aciSignedPreKey,
-                             @JsonProperty("pniSignedPreKey") Optional<@Valid SignedPreKey> pniSignedPreKey,
-                             @JsonProperty("aciPqLastResortPreKey") Optional<@Valid SignedPreKey> aciPqLastResortPreKey,
-                             @JsonProperty("pniPqLastResortPreKey") Optional<@Valid SignedPreKey> pniPqLastResortPreKey,
-                             @JsonProperty("apnToken") Optional<@Valid ApnRegistrationId> apnToken,
-                             @JsonProperty("gcmToken") Optional<@Valid GcmRegistrationId> gcmToken) {
+      @JsonProperty("recoveryPassword") byte[] recoveryPassword,
+      @JsonProperty("accountAttributes") AccountAttributes accountAttributes,
+      @JsonProperty("skipDeviceTransfer") boolean skipDeviceTransfer,
+      @JsonProperty("aciIdentityKey") Optional<byte[]> aciIdentityKey,
+      @JsonProperty("pniIdentityKey") Optional<byte[]> pniIdentityKey,
+      @JsonProperty("aciSignedPreKey") Optional<@Valid @ValidPreKey(type=PreKeyType.ECC) SignedPreKey> aciSignedPreKey,
+      @JsonProperty("pniSignedPreKey") Optional<@Valid @ValidPreKey(type=PreKeyType.ECC) SignedPreKey> pniSignedPreKey,
+      @JsonProperty("aciPqLastResortPreKey") Optional<@Valid @ValidPreKey(type=PreKeyType.KYBER) SignedPreKey> aciPqLastResortPreKey,
+      @JsonProperty("pniPqLastResortPreKey") Optional<@Valid @ValidPreKey(type=PreKeyType.KYBER) SignedPreKey> pniPqLastResortPreKey,
+      @JsonProperty("apnToken") Optional<@Valid ApnRegistrationId> apnToken,
+      @JsonProperty("gcmToken") Optional<@Valid GcmRegistrationId> gcmToken) {
 
     // This may seem a little verbose, but at the time of writing, Jackson struggles with `@JsonUnwrapped` members in
     // records, and this is a workaround. Please see

service/src/main/java/org/whispersystems/textsecuregcm/util/ValidPreKey.java

@@ -0,0 +1,37 @@
+/*
+ * Copyright 2023 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.util;
+
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.PARAMETER;
+import static java.lang.annotation.ElementType.TYPE_USE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+import java.lang.annotation.Documented;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+import javax.validation.Constraint;
+import javax.validation.Payload;
+
+@Target({FIELD, PARAMETER, TYPE_USE})
+@Retention(RUNTIME)
+@Constraint(validatedBy = {ValidPreKeyValidator.class})
+@Documented
+public @interface ValidPreKey {
+
+  public enum PreKeyType {
+      ECC,
+      KYBER
+  }
+
+  PreKeyType type();
+
+  String message() default "{org.whispersystems.textsecuregcm.util.ValidPreKey.message}";
+
+  Class<?>[] groups() default { };
+
+  Class<? extends Payload>[] payload() default { };
+
+}

service/src/main/java/org/whispersystems/textsecuregcm/util/ValidPreKeyValidator.java

@@ -0,0 +1,38 @@
+/*
+ * Copyright 2013-2020 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.util;
+
+import javax.validation.ConstraintValidator;
+import javax.validation.ConstraintValidatorContext;
+import org.signal.libsignal.protocol.InvalidKeyException;
+import org.signal.libsignal.protocol.ecc.Curve;
+import org.signal.libsignal.protocol.kem.KEMPublicKey;
+import org.whispersystems.textsecuregcm.entities.PreKey;
+
+public class ValidPreKeyValidator implements ConstraintValidator<ValidPreKey, PreKey> {
+  private ValidPreKey.PreKeyType type;
+
+  @Override
+  public void initialize(ValidPreKey annotation) {
+    type = annotation.type();
+  }
+
+  @Override
+  public boolean isValid(PreKey value, ConstraintValidatorContext context) {
+    if (value == null) {
+      return true;
+    }
+    try {
+      switch (type) {
+        case ECC -> Curve.decodePoint(value.getPublicKey(), 0);
+        case KYBER -> new KEMPublicKey(value.getPublicKey());
+      }
+    } catch (IllegalArgumentException | InvalidKeyException e) {
+      return false;
+    }
+    return true;
+  }
+}