Package org.signal.libsignal.hsmenclave

Class HsmEnclaveClient

  • All Implemented Interfaces:
    org.signal.libsignal.internal.NativeHandleGuard.Owner 
    
public class HsmEnclaveClient
extends NativeHandleGuard.SimpleOwner

    HsmEnclaveClient provides bindings to interact with Signal's HSM-backed enclave.

    Interaction with the enclave is done over a websocket, which is handled by the client. Once the websocket has been initiated, the client establishes a connection in the following manner:

    • send HsmEnclaveClient.initialRequest()
    • receive a response and pass to HsmEnclaveClient.completeHandshake()
    After a connection has been established, a client may send or receive messages. To send a message, they formulate the plaintext, then pass it to HsmEnclaveClient.establishedSend() to get the ciphertext message to pass along. When a message is received (as ciphertext), it is passed to HsmEnclaveClient.establishedRecv(), which decrypts and verifies it, passing the plaintext back to the client for processing.

    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description

    • Field Summary

      Fields 
      Modifier and Type Field Description

    • Enum Constant Summary

      Enum Constants 
      Enum Constant Description

    • Method Summary

      Modifier and Type Method Description
      Array<byte> initialRequest() Initial request to send to HSM enclave, to begin handshake.
      void completeHandshake(Array<byte> handshakeResponse) Called by client upon receipt of first message from HSM enclave, to complete handshake.
      Array<byte> establishedSend(Array<byte> plaintextToSend) Called by client after completeHandshake has succeeded, to encrypt a message to send.
      Array<byte> establishedRecv(Array<byte> receivedCiphertext) Called by client after completeHandshake has succeeded, to decrypt a received message.

      • Methods inherited from class org.signal.libsignal.internal.NativeHandleGuard.SimpleOwner

        unsafeNativeHandleWithoutGuard

      • Methods inherited from class org.signal.libsignal.internal.NativeHandleGuard.Owner

        guard, guardedMap, guardedMapChecked, guardedRun, guardedRunChecked

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • HsmEnclaveClient

        HsmEnclaveClient(Array<byte> public_key, List<Array<byte>> code_hashes)

    • Method Detail

      • initialRequest

         Array<byte> initialRequest()

        Initial request to send to HSM enclave, to begin handshake.

      • completeHandshake

         void completeHandshake(Array<byte> handshakeResponse)

        Called by client upon receipt of first message from HSM enclave, to complete handshake.

      • establishedSend

         Array<byte> establishedSend(Array<byte> plaintextToSend)

        Called by client after completeHandshake has succeeded, to encrypt a message to send.

      • establishedRecv

         Array<byte> establishedRecv(Array<byte> receivedCiphertext)

        Called by client after completeHandshake has succeeded, to decrypt a received message.