omemo changes: use 12 byte IV, no longer accept auth tag appended to payload
This commit is contained in:
parent
b56f6fbf4c
commit
e38a9cd729
|
@ -100,7 +100,7 @@ public final class Config {
|
||||||
public static final boolean REMOVE_BROKEN_DEVICES = false;
|
public static final boolean REMOVE_BROKEN_DEVICES = false;
|
||||||
public static final boolean OMEMO_PADDING = false;
|
public static final boolean OMEMO_PADDING = false;
|
||||||
public static final boolean PUT_AUTH_TAG_INTO_KEY = true;
|
public static final boolean PUT_AUTH_TAG_INTO_KEY = true;
|
||||||
public static final boolean TWELVE_BYTE_IV = false;
|
public static final boolean TWELVE_BYTE_IV = true;
|
||||||
|
|
||||||
public static final boolean USE_BOOKMARKS2 = false;
|
public static final boolean USE_BOOKMARKS2 = false;
|
||||||
|
|
||||||
|
@ -125,7 +125,7 @@ public final class Config {
|
||||||
public static final long MAM_MAX_CATCHUP = MILLISECONDS_IN_DAY * 5;
|
public static final long MAM_MAX_CATCHUP = MILLISECONDS_IN_DAY * 5;
|
||||||
public static final int MAM_MAX_MESSAGES = 750;
|
public static final int MAM_MAX_MESSAGES = 750;
|
||||||
|
|
||||||
public static final ChatState DEFAULT_CHATSTATE = ChatState.ACTIVE;
|
public static final ChatState DEFAULT_CHAT_STATE = ChatState.ACTIVE;
|
||||||
public static final int TYPING_TIMEOUT = 8;
|
public static final int TYPING_TIMEOUT = 8;
|
||||||
|
|
||||||
public static final int EXPIRY_INTERVAL = 30 * 60 * 1000; // 30 minutes
|
public static final int EXPIRY_INTERVAL = 30 * 60 * 1000; // 30 minutes
|
||||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -0,0 +1,8 @@
|
||||||
|
package eu.siacs.conversations.crypto.axolotl;
|
||||||
|
|
||||||
|
public class OutdatedSenderException extends CryptoFailedException {
|
||||||
|
|
||||||
|
public OutdatedSenderException(final String msg) {
|
||||||
|
super(msg);
|
||||||
|
}
|
||||||
|
}
|
|
@ -27,295 +27,293 @@ import eu.siacs.conversations.xml.Element;
|
||||||
import rocks.xmpp.addr.Jid;
|
import rocks.xmpp.addr.Jid;
|
||||||
|
|
||||||
public class XmppAxolotlMessage {
|
public class XmppAxolotlMessage {
|
||||||
public static final String CONTAINERTAG = "encrypted";
|
public static final String CONTAINERTAG = "encrypted";
|
||||||
private static final String HEADER = "header";
|
private static final String HEADER = "header";
|
||||||
private static final String SOURCEID = "sid";
|
private static final String SOURCEID = "sid";
|
||||||
private static final String KEYTAG = "key";
|
private static final String KEYTAG = "key";
|
||||||
private static final String REMOTEID = "rid";
|
private static final String REMOTEID = "rid";
|
||||||
private static final String IVTAG = "iv";
|
private static final String IVTAG = "iv";
|
||||||
private static final String PAYLOAD = "payload";
|
private static final String PAYLOAD = "payload";
|
||||||
|
|
||||||
private static final String KEYTYPE = "AES";
|
private static final String KEYTYPE = "AES";
|
||||||
private static final String CIPHERMODE = "AES/GCM/NoPadding";
|
private static final String CIPHERMODE = "AES/GCM/NoPadding";
|
||||||
private static final String PROVIDER = "BC";
|
private static final String PROVIDER = "BC";
|
||||||
|
private final List<XmppAxolotlSession.AxolotlKey> keys;
|
||||||
|
private final Jid from;
|
||||||
|
private final int sourceDeviceId;
|
||||||
|
private byte[] innerKey;
|
||||||
|
private byte[] ciphertext = null;
|
||||||
|
private byte[] authtagPlusInnerKey = null;
|
||||||
|
private byte[] iv = null;
|
||||||
|
|
||||||
private byte[] innerKey;
|
private XmppAxolotlMessage(final Element axolotlMessage, final Jid from) throws IllegalArgumentException {
|
||||||
private byte[] ciphertext = null;
|
this.from = from;
|
||||||
private byte[] authtagPlusInnerKey = null;
|
Element header = axolotlMessage.findChild(HEADER);
|
||||||
private byte[] iv = null;
|
try {
|
||||||
private final List<XmppAxolotlSession.AxolotlKey> keys;
|
this.sourceDeviceId = Integer.parseInt(header.getAttribute(SOURCEID));
|
||||||
private final Jid from;
|
} catch (NumberFormatException e) {
|
||||||
private final int sourceDeviceId;
|
throw new IllegalArgumentException("invalid source id");
|
||||||
|
}
|
||||||
|
List<Element> keyElements = header.getChildren();
|
||||||
|
this.keys = new ArrayList<>();
|
||||||
|
for (Element keyElement : keyElements) {
|
||||||
|
switch (keyElement.getName()) {
|
||||||
|
case KEYTAG:
|
||||||
|
try {
|
||||||
|
Integer recipientId = Integer.parseInt(keyElement.getAttribute(REMOTEID));
|
||||||
|
byte[] key = Base64.decode(keyElement.getContent().trim(), Base64.DEFAULT);
|
||||||
|
boolean isPreKey = keyElement.getAttributeAsBoolean("prekey");
|
||||||
|
this.keys.add(new XmppAxolotlSession.AxolotlKey(recipientId, key, isPreKey));
|
||||||
|
} catch (NumberFormatException e) {
|
||||||
|
throw new IllegalArgumentException("invalid remote id");
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case IVTAG:
|
||||||
|
if (this.iv != null) {
|
||||||
|
throw new IllegalArgumentException("Duplicate iv entry");
|
||||||
|
}
|
||||||
|
iv = Base64.decode(keyElement.getContent().trim(), Base64.DEFAULT);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
Log.w(Config.LOGTAG, "Unexpected element in header: " + keyElement.toString());
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
final Element payloadElement = axolotlMessage.findChildEnsureSingle(PAYLOAD, AxolotlService.PEP_PREFIX);
|
||||||
|
if (payloadElement != null) {
|
||||||
|
ciphertext = Base64.decode(payloadElement.getContent().trim(), Base64.DEFAULT);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public static class XmppAxolotlPlaintextMessage {
|
XmppAxolotlMessage(Jid from, int sourceDeviceId) {
|
||||||
private final String plaintext;
|
this.from = from;
|
||||||
private final String fingerprint;
|
this.sourceDeviceId = sourceDeviceId;
|
||||||
|
this.keys = new ArrayList<>();
|
||||||
|
this.iv = generateIv();
|
||||||
|
this.innerKey = generateKey();
|
||||||
|
}
|
||||||
|
|
||||||
XmppAxolotlPlaintextMessage(String plaintext, String fingerprint) {
|
public static int parseSourceId(final Element axolotlMessage) throws IllegalArgumentException {
|
||||||
this.plaintext = plaintext;
|
final Element header = axolotlMessage.findChild(HEADER);
|
||||||
this.fingerprint = fingerprint;
|
if (header == null) {
|
||||||
}
|
throw new IllegalArgumentException("No header found");
|
||||||
|
}
|
||||||
|
try {
|
||||||
|
return Integer.parseInt(header.getAttribute(SOURCEID));
|
||||||
|
} catch (NumberFormatException e) {
|
||||||
|
throw new IllegalArgumentException("invalid source id");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public String getPlaintext() {
|
public static XmppAxolotlMessage fromElement(Element element, Jid from) {
|
||||||
return plaintext;
|
return new XmppAxolotlMessage(element, from);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static byte[] generateKey() {
|
||||||
|
try {
|
||||||
|
KeyGenerator generator = KeyGenerator.getInstance(KEYTYPE);
|
||||||
|
generator.init(128);
|
||||||
|
return generator.generateKey().getEncoded();
|
||||||
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
Log.e(Config.LOGTAG, e.getMessage());
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private static byte[] generateIv() {
|
||||||
|
final SecureRandom random = new SecureRandom();
|
||||||
|
byte[] iv = new byte[Config.TWELVE_BYTE_IV ? 12 : 16];
|
||||||
|
random.nextBytes(iv);
|
||||||
|
return iv;
|
||||||
|
}
|
||||||
|
|
||||||
|
private static byte[] getPaddedBytes(String plaintext) {
|
||||||
|
int plainLength = plaintext.getBytes().length;
|
||||||
|
int pad = Math.max(64, (plainLength / 32 + 1) * 32) - plainLength;
|
||||||
|
SecureRandom random = new SecureRandom();
|
||||||
|
int left = random.nextInt(pad);
|
||||||
|
int right = pad - left;
|
||||||
|
StringBuilder builder = new StringBuilder(plaintext);
|
||||||
|
for (int i = 0; i < left; ++i) {
|
||||||
|
builder.insert(0, random.nextBoolean() ? "\t" : " ");
|
||||||
|
}
|
||||||
|
for (int i = 0; i < right; ++i) {
|
||||||
|
builder.append(random.nextBoolean() ? "\t" : " ");
|
||||||
|
}
|
||||||
|
return builder.toString().getBytes();
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean hasPayload() {
|
||||||
|
return ciphertext != null;
|
||||||
|
}
|
||||||
|
|
||||||
|
void encrypt(String plaintext) throws CryptoFailedException {
|
||||||
|
try {
|
||||||
|
SecretKey secretKey = new SecretKeySpec(innerKey, KEYTYPE);
|
||||||
|
IvParameterSpec ivSpec = new IvParameterSpec(iv);
|
||||||
|
Cipher cipher = Compatibility.twentyEight() ? Cipher.getInstance(CIPHERMODE) : Cipher.getInstance(CIPHERMODE, PROVIDER);
|
||||||
|
cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
|
||||||
|
this.ciphertext = cipher.doFinal(Config.OMEMO_PADDING ? getPaddedBytes(plaintext) : plaintext.getBytes());
|
||||||
|
if (Config.PUT_AUTH_TAG_INTO_KEY && this.ciphertext != null) {
|
||||||
|
this.authtagPlusInnerKey = new byte[16 + 16];
|
||||||
|
byte[] ciphertext = new byte[this.ciphertext.length - 16];
|
||||||
|
System.arraycopy(this.ciphertext, 0, ciphertext, 0, ciphertext.length);
|
||||||
|
System.arraycopy(this.ciphertext, ciphertext.length, authtagPlusInnerKey, 16, 16);
|
||||||
|
System.arraycopy(this.innerKey, 0, authtagPlusInnerKey, 0, this.innerKey.length);
|
||||||
|
this.ciphertext = ciphertext;
|
||||||
|
}
|
||||||
|
} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException
|
||||||
|
| IllegalBlockSizeException | BadPaddingException | NoSuchProviderException
|
||||||
|
| InvalidAlgorithmParameterException e) {
|
||||||
|
throw new CryptoFailedException(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public Jid getFrom() {
|
||||||
|
return this.from;
|
||||||
|
}
|
||||||
|
|
||||||
|
int getSenderDeviceId() {
|
||||||
|
return sourceDeviceId;
|
||||||
|
}
|
||||||
|
|
||||||
|
void addDevice(XmppAxolotlSession session) {
|
||||||
|
addDevice(session, false);
|
||||||
|
}
|
||||||
|
|
||||||
|
void addDevice(XmppAxolotlSession session, boolean ignoreSessionTrust) {
|
||||||
|
XmppAxolotlSession.AxolotlKey key;
|
||||||
|
if (authtagPlusInnerKey != null) {
|
||||||
|
key = session.processSending(authtagPlusInnerKey, ignoreSessionTrust);
|
||||||
|
} else {
|
||||||
|
key = session.processSending(innerKey, ignoreSessionTrust);
|
||||||
|
}
|
||||||
|
if (key != null) {
|
||||||
|
keys.add(key);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public byte[] getInnerKey() {
|
||||||
|
return innerKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
public byte[] getIV() {
|
||||||
|
return this.iv;
|
||||||
|
}
|
||||||
|
|
||||||
|
public Element toElement() {
|
||||||
|
Element encryptionElement = new Element(CONTAINERTAG, AxolotlService.PEP_PREFIX);
|
||||||
|
Element headerElement = encryptionElement.addChild(HEADER);
|
||||||
|
headerElement.setAttribute(SOURCEID, sourceDeviceId);
|
||||||
|
for (XmppAxolotlSession.AxolotlKey key : keys) {
|
||||||
|
Element keyElement = new Element(KEYTAG);
|
||||||
|
keyElement.setAttribute(REMOTEID, key.deviceId);
|
||||||
|
if (key.prekey) {
|
||||||
|
keyElement.setAttribute("prekey", "true");
|
||||||
|
}
|
||||||
|
keyElement.setContent(Base64.encodeToString(key.key, Base64.NO_WRAP));
|
||||||
|
headerElement.addChild(keyElement);
|
||||||
|
}
|
||||||
|
headerElement.addChild(IVTAG).setContent(Base64.encodeToString(iv, Base64.NO_WRAP));
|
||||||
|
if (ciphertext != null) {
|
||||||
|
Element payload = encryptionElement.addChild(PAYLOAD);
|
||||||
|
payload.setContent(Base64.encodeToString(ciphertext, Base64.NO_WRAP));
|
||||||
|
}
|
||||||
|
return encryptionElement;
|
||||||
|
}
|
||||||
|
|
||||||
|
private byte[] unpackKey(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {
|
||||||
|
ArrayList<XmppAxolotlSession.AxolotlKey> possibleKeys = new ArrayList<>();
|
||||||
|
for (XmppAxolotlSession.AxolotlKey key : keys) {
|
||||||
|
if (key.deviceId == sourceDeviceId) {
|
||||||
|
possibleKeys.add(key);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (possibleKeys.size() == 0) {
|
||||||
|
throw new NotEncryptedForThisDeviceException();
|
||||||
|
}
|
||||||
|
return session.processReceiving(possibleKeys);
|
||||||
|
}
|
||||||
|
|
||||||
|
XmppAxolotlKeyTransportMessage getParameters(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {
|
||||||
|
return new XmppAxolotlKeyTransportMessage(session.getFingerprint(), unpackKey(session, sourceDeviceId), getIV());
|
||||||
|
}
|
||||||
|
|
||||||
|
public XmppAxolotlPlaintextMessage decrypt(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {
|
||||||
|
XmppAxolotlPlaintextMessage plaintextMessage = null;
|
||||||
|
byte[] key = unpackKey(session, sourceDeviceId);
|
||||||
|
if (key != null) {
|
||||||
|
try {
|
||||||
|
if (key.length < 32) {
|
||||||
|
throw new OutdatedSenderException("Key did not contain auth tag. Sender needs to update their OMEMO client");
|
||||||
|
}
|
||||||
|
final int authTagLength = key.length - 16;
|
||||||
|
byte[] newCipherText = new byte[key.length - 16 + ciphertext.length];
|
||||||
|
byte[] newKey = new byte[16];
|
||||||
|
System.arraycopy(ciphertext, 0, newCipherText, 0, ciphertext.length);
|
||||||
|
System.arraycopy(key, 16, newCipherText, ciphertext.length, authTagLength);
|
||||||
|
System.arraycopy(key, 0, newKey, 0, newKey.length);
|
||||||
|
ciphertext = newCipherText;
|
||||||
|
key = newKey;
|
||||||
|
|
||||||
|
final Cipher cipher = Compatibility.twentyEight() ? Cipher.getInstance(CIPHERMODE) : Cipher.getInstance(CIPHERMODE, PROVIDER);
|
||||||
|
SecretKeySpec keySpec = new SecretKeySpec(key, KEYTYPE);
|
||||||
|
IvParameterSpec ivSpec = new IvParameterSpec(iv);
|
||||||
|
|
||||||
|
cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
|
||||||
|
|
||||||
|
String plaintext = new String(cipher.doFinal(ciphertext));
|
||||||
|
plaintextMessage = new XmppAxolotlPlaintextMessage(Config.OMEMO_PADDING ? plaintext.trim() : plaintext, session.getFingerprint());
|
||||||
|
|
||||||
|
} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException
|
||||||
|
| InvalidAlgorithmParameterException | IllegalBlockSizeException
|
||||||
|
| BadPaddingException | NoSuchProviderException e) {
|
||||||
|
throw new CryptoFailedException(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return plaintextMessage;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static class XmppAxolotlPlaintextMessage {
|
||||||
|
private final String plaintext;
|
||||||
|
private final String fingerprint;
|
||||||
|
|
||||||
|
XmppAxolotlPlaintextMessage(String plaintext, String fingerprint) {
|
||||||
|
this.plaintext = plaintext;
|
||||||
|
this.fingerprint = fingerprint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getPlaintext() {
|
||||||
|
return plaintext;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
public String getFingerprint() {
|
public String getFingerprint() {
|
||||||
return fingerprint;
|
return fingerprint;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static class XmppAxolotlKeyTransportMessage {
|
public static class XmppAxolotlKeyTransportMessage {
|
||||||
private final String fingerprint;
|
private final String fingerprint;
|
||||||
private final byte[] key;
|
private final byte[] key;
|
||||||
private final byte[] iv;
|
private final byte[] iv;
|
||||||
|
|
||||||
XmppAxolotlKeyTransportMessage(String fingerprint, byte[] key, byte[] iv) {
|
XmppAxolotlKeyTransportMessage(String fingerprint, byte[] key, byte[] iv) {
|
||||||
this.fingerprint = fingerprint;
|
this.fingerprint = fingerprint;
|
||||||
this.key = key;
|
this.key = key;
|
||||||
this.iv = iv;
|
this.iv = iv;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getFingerprint() {
|
public String getFingerprint() {
|
||||||
return fingerprint;
|
return fingerprint;
|
||||||
}
|
}
|
||||||
|
|
||||||
public byte[] getKey() {
|
public byte[] getKey() {
|
||||||
return key;
|
return key;
|
||||||
}
|
}
|
||||||
|
|
||||||
public byte[] getIv() {
|
public byte[] getIv() {
|
||||||
return iv;
|
return iv;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static int parseSourceId(final Element axolotlMessage) throws IllegalArgumentException {
|
|
||||||
final Element header = axolotlMessage.findChild(HEADER);
|
|
||||||
if (header == null) {
|
|
||||||
throw new IllegalArgumentException("No header found");
|
|
||||||
}
|
|
||||||
try {
|
|
||||||
return Integer.parseInt(header.getAttribute(SOURCEID));
|
|
||||||
} catch (NumberFormatException e) {
|
|
||||||
throw new IllegalArgumentException("invalid source id");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private XmppAxolotlMessage(final Element axolotlMessage, final Jid from) throws IllegalArgumentException {
|
|
||||||
this.from = from;
|
|
||||||
Element header = axolotlMessage.findChild(HEADER);
|
|
||||||
try {
|
|
||||||
this.sourceDeviceId = Integer.parseInt(header.getAttribute(SOURCEID));
|
|
||||||
} catch (NumberFormatException e) {
|
|
||||||
throw new IllegalArgumentException("invalid source id");
|
|
||||||
}
|
|
||||||
List<Element> keyElements = header.getChildren();
|
|
||||||
this.keys = new ArrayList<>();
|
|
||||||
for (Element keyElement : keyElements) {
|
|
||||||
switch (keyElement.getName()) {
|
|
||||||
case KEYTAG:
|
|
||||||
try {
|
|
||||||
Integer recipientId = Integer.parseInt(keyElement.getAttribute(REMOTEID));
|
|
||||||
byte[] key = Base64.decode(keyElement.getContent().trim(), Base64.DEFAULT);
|
|
||||||
boolean isPreKey =keyElement.getAttributeAsBoolean("prekey");
|
|
||||||
this.keys.add(new XmppAxolotlSession.AxolotlKey(recipientId, key,isPreKey));
|
|
||||||
} catch (NumberFormatException e) {
|
|
||||||
throw new IllegalArgumentException("invalid remote id");
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case IVTAG:
|
|
||||||
if (this.iv != null) {
|
|
||||||
throw new IllegalArgumentException("Duplicate iv entry");
|
|
||||||
}
|
|
||||||
iv = Base64.decode(keyElement.getContent().trim(), Base64.DEFAULT);
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
Log.w(Config.LOGTAG, "Unexpected element in header: " + keyElement.toString());
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
final Element payloadElement = axolotlMessage.findChildEnsureSingle(PAYLOAD, AxolotlService.PEP_PREFIX);
|
|
||||||
if (payloadElement != null) {
|
|
||||||
ciphertext = Base64.decode(payloadElement.getContent().trim(), Base64.DEFAULT);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
XmppAxolotlMessage(Jid from, int sourceDeviceId) {
|
|
||||||
this.from = from;
|
|
||||||
this.sourceDeviceId = sourceDeviceId;
|
|
||||||
this.keys = new ArrayList<>();
|
|
||||||
this.iv = generateIv();
|
|
||||||
this.innerKey = generateKey();
|
|
||||||
}
|
|
||||||
|
|
||||||
public static XmppAxolotlMessage fromElement(Element element, Jid from) {
|
|
||||||
return new XmppAxolotlMessage(element, from);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static byte[] generateKey() {
|
|
||||||
try {
|
|
||||||
KeyGenerator generator = KeyGenerator.getInstance(KEYTYPE);
|
|
||||||
generator.init(128);
|
|
||||||
return generator.generateKey().getEncoded();
|
|
||||||
} catch (NoSuchAlgorithmException e) {
|
|
||||||
Log.e(Config.LOGTAG, e.getMessage());
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private static byte[] generateIv() {
|
|
||||||
final SecureRandom random = new SecureRandom();
|
|
||||||
byte[] iv = new byte[Config.TWELVE_BYTE_IV ? 12 : 16];
|
|
||||||
random.nextBytes(iv);
|
|
||||||
return iv;
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean hasPayload() {
|
|
||||||
return ciphertext != null;
|
|
||||||
}
|
|
||||||
|
|
||||||
void encrypt(String plaintext) throws CryptoFailedException {
|
|
||||||
try {
|
|
||||||
SecretKey secretKey = new SecretKeySpec(innerKey, KEYTYPE);
|
|
||||||
IvParameterSpec ivSpec = new IvParameterSpec(iv);
|
|
||||||
Cipher cipher = Compatibility.twentyEight() ? Cipher.getInstance(CIPHERMODE) : Cipher.getInstance(CIPHERMODE, PROVIDER);
|
|
||||||
cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
|
|
||||||
this.ciphertext = cipher.doFinal(Config.OMEMO_PADDING ? getPaddedBytes(plaintext) : plaintext.getBytes());
|
|
||||||
if (Config.PUT_AUTH_TAG_INTO_KEY && this.ciphertext != null) {
|
|
||||||
this.authtagPlusInnerKey = new byte[16+16];
|
|
||||||
byte[] ciphertext = new byte[this.ciphertext.length - 16];
|
|
||||||
System.arraycopy(this.ciphertext,0,ciphertext,0,ciphertext.length);
|
|
||||||
System.arraycopy(this.ciphertext,ciphertext.length,authtagPlusInnerKey,16,16);
|
|
||||||
System.arraycopy(this.innerKey,0,authtagPlusInnerKey,0,this.innerKey.length);
|
|
||||||
this.ciphertext = ciphertext;
|
|
||||||
}
|
|
||||||
} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException
|
|
||||||
| IllegalBlockSizeException | BadPaddingException | NoSuchProviderException
|
|
||||||
| InvalidAlgorithmParameterException e) {
|
|
||||||
throw new CryptoFailedException(e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private static byte[] getPaddedBytes(String plaintext) {
|
|
||||||
int plainLength = plaintext.getBytes().length;
|
|
||||||
int pad = Math.max(64,(plainLength / 32 + 1) * 32) - plainLength;
|
|
||||||
SecureRandom random = new SecureRandom();
|
|
||||||
int left = random.nextInt(pad);
|
|
||||||
int right = pad - left;
|
|
||||||
StringBuilder builder = new StringBuilder(plaintext);
|
|
||||||
for(int i = 0; i < left; ++i) {
|
|
||||||
builder.insert(0,random.nextBoolean() ? "\t" : " ");
|
|
||||||
}
|
|
||||||
for(int i = 0; i < right; ++i) {
|
|
||||||
builder.append(random.nextBoolean() ? "\t" : " ");
|
|
||||||
}
|
|
||||||
return builder.toString().getBytes();
|
|
||||||
}
|
|
||||||
|
|
||||||
public Jid getFrom() {
|
|
||||||
return this.from;
|
|
||||||
}
|
|
||||||
|
|
||||||
int getSenderDeviceId() {
|
|
||||||
return sourceDeviceId;
|
|
||||||
}
|
|
||||||
|
|
||||||
void addDevice(XmppAxolotlSession session) {
|
|
||||||
addDevice(session, false);
|
|
||||||
}
|
|
||||||
|
|
||||||
void addDevice(XmppAxolotlSession session, boolean ignoreSessionTrust) {
|
|
||||||
XmppAxolotlSession.AxolotlKey key;
|
|
||||||
if (authtagPlusInnerKey != null) {
|
|
||||||
key = session.processSending(authtagPlusInnerKey, ignoreSessionTrust);
|
|
||||||
} else {
|
|
||||||
key = session.processSending(innerKey, ignoreSessionTrust);
|
|
||||||
}
|
|
||||||
if (key != null) {
|
|
||||||
keys.add(key);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public byte[] getInnerKey() {
|
|
||||||
return innerKey;
|
|
||||||
}
|
|
||||||
|
|
||||||
public byte[] getIV() {
|
|
||||||
return this.iv;
|
|
||||||
}
|
|
||||||
|
|
||||||
public Element toElement() {
|
|
||||||
Element encryptionElement = new Element(CONTAINERTAG, AxolotlService.PEP_PREFIX);
|
|
||||||
Element headerElement = encryptionElement.addChild(HEADER);
|
|
||||||
headerElement.setAttribute(SOURCEID, sourceDeviceId);
|
|
||||||
for(XmppAxolotlSession.AxolotlKey key : keys) {
|
|
||||||
Element keyElement = new Element(KEYTAG);
|
|
||||||
keyElement.setAttribute(REMOTEID, key.deviceId);
|
|
||||||
if (key.prekey) {
|
|
||||||
keyElement.setAttribute("prekey","true");
|
|
||||||
}
|
|
||||||
keyElement.setContent(Base64.encodeToString(key.key, Base64.NO_WRAP));
|
|
||||||
headerElement.addChild(keyElement);
|
|
||||||
}
|
|
||||||
headerElement.addChild(IVTAG).setContent(Base64.encodeToString(iv, Base64.NO_WRAP));
|
|
||||||
if (ciphertext != null) {
|
|
||||||
Element payload = encryptionElement.addChild(PAYLOAD);
|
|
||||||
payload.setContent(Base64.encodeToString(ciphertext, Base64.NO_WRAP));
|
|
||||||
}
|
|
||||||
return encryptionElement;
|
|
||||||
}
|
|
||||||
|
|
||||||
private byte[] unpackKey(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {
|
|
||||||
ArrayList<XmppAxolotlSession.AxolotlKey> possibleKeys = new ArrayList<>();
|
|
||||||
for(XmppAxolotlSession.AxolotlKey key : keys) {
|
|
||||||
if (key.deviceId == sourceDeviceId) {
|
|
||||||
possibleKeys.add(key);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (possibleKeys.size() == 0) {
|
|
||||||
throw new NotEncryptedForThisDeviceException();
|
|
||||||
}
|
|
||||||
return session.processReceiving(possibleKeys);
|
|
||||||
}
|
|
||||||
|
|
||||||
XmppAxolotlKeyTransportMessage getParameters(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {
|
|
||||||
return new XmppAxolotlKeyTransportMessage(session.getFingerprint(), unpackKey(session, sourceDeviceId), getIV());
|
|
||||||
}
|
|
||||||
|
|
||||||
public XmppAxolotlPlaintextMessage decrypt(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {
|
|
||||||
XmppAxolotlPlaintextMessage plaintextMessage = null;
|
|
||||||
byte[] key = unpackKey(session, sourceDeviceId);
|
|
||||||
if (key != null) {
|
|
||||||
try {
|
|
||||||
//TODO remove support for *not* having auth tag in key
|
|
||||||
if (key.length >= 32) {
|
|
||||||
int authtaglength = key.length - 16;
|
|
||||||
Log.d(Config.LOGTAG,"found auth tag as part of omemo key");
|
|
||||||
byte[] newCipherText = new byte[key.length - 16 + ciphertext.length];
|
|
||||||
byte[] newKey = new byte[16];
|
|
||||||
System.arraycopy(ciphertext, 0, newCipherText, 0, ciphertext.length);
|
|
||||||
System.arraycopy(key, 16, newCipherText, ciphertext.length, authtaglength);
|
|
||||||
System.arraycopy(key,0,newKey,0,newKey.length);
|
|
||||||
ciphertext = newCipherText;
|
|
||||||
key = newKey;
|
|
||||||
}
|
|
||||||
|
|
||||||
Cipher cipher = Compatibility.twentyEight() ? Cipher.getInstance(CIPHERMODE) : Cipher.getInstance(CIPHERMODE, PROVIDER);
|
|
||||||
SecretKeySpec keySpec = new SecretKeySpec(key, KEYTYPE);
|
|
||||||
IvParameterSpec ivSpec = new IvParameterSpec(iv);
|
|
||||||
|
|
||||||
cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
|
|
||||||
|
|
||||||
String plaintext = new String(cipher.doFinal(ciphertext));
|
|
||||||
plaintextMessage = new XmppAxolotlPlaintextMessage(Config.OMEMO_PADDING ? plaintext.trim() : plaintext, session.getFingerprint());
|
|
||||||
|
|
||||||
} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException
|
|
||||||
| InvalidAlgorithmParameterException | IllegalBlockSizeException
|
|
||||||
| BadPaddingException | NoSuchProviderException e) {
|
|
||||||
throw new CryptoFailedException(e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return plaintextMessage;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -76,8 +76,8 @@ public class Conversation extends AbstractEntity implements Blockable, Comparabl
|
||||||
private Jid nextCounterpart;
|
private Jid nextCounterpart;
|
||||||
private transient MucOptions mucOptions = null;
|
private transient MucOptions mucOptions = null;
|
||||||
private boolean messagesLeftOnServer = true;
|
private boolean messagesLeftOnServer = true;
|
||||||
private ChatState mOutgoingChatState = Config.DEFAULT_CHATSTATE;
|
private ChatState mOutgoingChatState = Config.DEFAULT_CHAT_STATE;
|
||||||
private ChatState mIncomingChatState = Config.DEFAULT_CHATSTATE;
|
private ChatState mIncomingChatState = Config.DEFAULT_CHAT_STATE;
|
||||||
private String mFirstMamReference = null;
|
private String mFirstMamReference = null;
|
||||||
|
|
||||||
public Conversation(final String name, final Account account, final Jid contactJid,
|
public Conversation(final String name, final Account account, final Jid contactJid,
|
||||||
|
|
|
@ -94,7 +94,7 @@ public class MucOptions {
|
||||||
public void resetChatState() {
|
public void resetChatState() {
|
||||||
synchronized (users) {
|
synchronized (users) {
|
||||||
for (User user : users) {
|
for (User user : users) {
|
||||||
user.chatState = Config.DEFAULT_CHATSTATE;
|
user.chatState = Config.DEFAULT_CHAT_STATE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -746,7 +746,7 @@ public class MucOptions {
|
||||||
private long pgpKeyId = 0;
|
private long pgpKeyId = 0;
|
||||||
private Avatar avatar;
|
private Avatar avatar;
|
||||||
private MucOptions options;
|
private MucOptions options;
|
||||||
private ChatState chatState = Config.DEFAULT_CHATSTATE;
|
private ChatState chatState = Config.DEFAULT_CHAT_STATE;
|
||||||
|
|
||||||
public User(MucOptions options, Jid fullJid) {
|
public User(MucOptions options, Jid fullJid) {
|
||||||
this.options = options;
|
this.options = options;
|
||||||
|
|
|
@ -19,6 +19,7 @@ import eu.siacs.conversations.R;
|
||||||
import eu.siacs.conversations.crypto.axolotl.AxolotlService;
|
import eu.siacs.conversations.crypto.axolotl.AxolotlService;
|
||||||
import eu.siacs.conversations.crypto.axolotl.BrokenSessionException;
|
import eu.siacs.conversations.crypto.axolotl.BrokenSessionException;
|
||||||
import eu.siacs.conversations.crypto.axolotl.NotEncryptedForThisDeviceException;
|
import eu.siacs.conversations.crypto.axolotl.NotEncryptedForThisDeviceException;
|
||||||
|
import eu.siacs.conversations.crypto.axolotl.OutdatedSenderException;
|
||||||
import eu.siacs.conversations.crypto.axolotl.XmppAxolotlMessage;
|
import eu.siacs.conversations.crypto.axolotl.XmppAxolotlMessage;
|
||||||
import eu.siacs.conversations.entities.Account;
|
import eu.siacs.conversations.entities.Account;
|
||||||
import eu.siacs.conversations.entities.Bookmark;
|
import eu.siacs.conversations.entities.Bookmark;
|
||||||
|
@ -140,6 +141,8 @@ public class MessageParser extends AbstractParser implements OnMessagePacketRece
|
||||||
}
|
}
|
||||||
} catch (NotEncryptedForThisDeviceException e) {
|
} catch (NotEncryptedForThisDeviceException e) {
|
||||||
return new Message(conversation, "", Message.ENCRYPTION_AXOLOTL_NOT_FOR_THIS_DEVICE, status);
|
return new Message(conversation, "", Message.ENCRYPTION_AXOLOTL_NOT_FOR_THIS_DEVICE, status);
|
||||||
|
} catch (OutdatedSenderException e) {
|
||||||
|
return new Message(conversation, "", Message.ENCRYPTION_AXOLOTL_FAILED, status);
|
||||||
}
|
}
|
||||||
if (plaintextMessage != null) {
|
if (plaintextMessage != null) {
|
||||||
Message finishedMessage = new Message(conversation, plaintextMessage.getPlaintext(), Message.ENCRYPTION_AXOLOTL, status);
|
Message finishedMessage = new Message(conversation, plaintextMessage.getPlaintext(), Message.ENCRYPTION_AXOLOTL, status);
|
||||||
|
|
|
@ -34,7 +34,6 @@ import android.provider.ContactsContract;
|
||||||
import android.security.KeyChain;
|
import android.security.KeyChain;
|
||||||
import android.support.annotation.BoolRes;
|
import android.support.annotation.BoolRes;
|
||||||
import android.support.annotation.IntegerRes;
|
import android.support.annotation.IntegerRes;
|
||||||
import android.support.annotation.NonNull;
|
|
||||||
import android.support.v4.app.RemoteInput;
|
import android.support.v4.app.RemoteInput;
|
||||||
import android.support.v4.content.ContextCompat;
|
import android.support.v4.content.ContextCompat;
|
||||||
import android.text.TextUtils;
|
import android.text.TextUtils;
|
||||||
|
@ -1515,7 +1514,7 @@ public class XmppConnectionService extends Service {
|
||||||
if (delay) {
|
if (delay) {
|
||||||
mMessageGenerator.addDelay(packet, message.getTimeSent());
|
mMessageGenerator.addDelay(packet, message.getTimeSent());
|
||||||
}
|
}
|
||||||
if (conversation.setOutgoingChatState(Config.DEFAULT_CHATSTATE)) {
|
if (conversation.setOutgoingChatState(Config.DEFAULT_CHAT_STATE)) {
|
||||||
if (this.sendChatStates()) {
|
if (this.sendChatStates()) {
|
||||||
packet.addChild(ChatState.toElement(conversation.getOutgoingChatState()));
|
packet.addChild(ChatState.toElement(conversation.getOutgoingChatState()));
|
||||||
}
|
}
|
||||||
|
@ -2514,7 +2513,7 @@ public class XmppConnectionService extends Service {
|
||||||
if (conversation.getMode() == Conversation.MODE_MULTI) {
|
if (conversation.getMode() == Conversation.MODE_MULTI) {
|
||||||
conversation.getMucOptions().resetChatState();
|
conversation.getMucOptions().resetChatState();
|
||||||
} else {
|
} else {
|
||||||
conversation.setIncomingChatState(Config.DEFAULT_CHATSTATE);
|
conversation.setIncomingChatState(Config.DEFAULT_CHAT_STATE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
for (Account account : getAccounts()) {
|
for (Account account : getAccounts()) {
|
||||||
|
|
|
@ -1721,7 +1721,7 @@ public class ConversationFragment extends XmppFragment implements EditMessage.Ke
|
||||||
}
|
}
|
||||||
|
|
||||||
public void privateMessageWith(final Jid counterpart) {
|
public void privateMessageWith(final Jid counterpart) {
|
||||||
if (conversation.setOutgoingChatState(Config.DEFAULT_CHATSTATE)) {
|
if (conversation.setOutgoingChatState(Config.DEFAULT_CHAT_STATE)) {
|
||||||
activity.xmppConnectionService.sendChatState(conversation);
|
activity.xmppConnectionService.sendChatState(conversation);
|
||||||
}
|
}
|
||||||
this.binding.textinput.setText("");
|
this.binding.textinput.setText("");
|
||||||
|
@ -1859,7 +1859,7 @@ public class ConversationFragment extends XmppFragment implements EditMessage.Ke
|
||||||
}
|
}
|
||||||
|
|
||||||
private void updateChatState(final Conversation conversation, final String msg) {
|
private void updateChatState(final Conversation conversation, final String msg) {
|
||||||
ChatState state = msg.length() == 0 ? Config.DEFAULT_CHATSTATE : ChatState.PAUSED;
|
ChatState state = msg.length() == 0 ? Config.DEFAULT_CHAT_STATE : ChatState.PAUSED;
|
||||||
Account.State status = conversation.getAccount().getStatus();
|
Account.State status = conversation.getAccount().getStatus();
|
||||||
if (status == Account.State.ONLINE && conversation.setOutgoingChatState(state)) {
|
if (status == Account.State.ONLINE && conversation.setOutgoingChatState(state)) {
|
||||||
activity.xmppConnectionService.sendChatState(conversation);
|
activity.xmppConnectionService.sendChatState(conversation);
|
||||||
|
@ -2619,7 +2619,7 @@ public class ConversationFragment extends XmppFragment implements EditMessage.Ke
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
Account.State status = conversation.getAccount().getStatus();
|
Account.State status = conversation.getAccount().getStatus();
|
||||||
if (status == Account.State.ONLINE && conversation.setOutgoingChatState(Config.DEFAULT_CHATSTATE)) {
|
if (status == Account.State.ONLINE && conversation.setOutgoingChatState(Config.DEFAULT_CHAT_STATE)) {
|
||||||
service.sendChatState(conversation);
|
service.sendChatState(conversation);
|
||||||
}
|
}
|
||||||
if (storeNextMessage()) {
|
if (storeNextMessage()) {
|
||||||
|
|
|
@ -31,7 +31,7 @@
|
||||||
<resources>
|
<resources>
|
||||||
<string name="pref_about_message" translatable="false">
|
<string name="pref_about_message" translatable="false">
|
||||||
Conversations • the very last word in instant messaging.
|
Conversations • the very last word in instant messaging.
|
||||||
\n\nCopyright © 2014-2019 Daniel Gultsch
|
\n\nCopyright © 2014-2020 Daniel Gultsch
|
||||||
\n\nThis program is free software: you can redistribute it and/or modify
|
\n\nThis program is free software: you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
the Free Software Foundation, either version 3 of the License, or
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
|
Loading…
Reference in a new issue