omemo changes: use 12 byte IV, no longer accept auth tag appended to payload

This commit is contained in:
Daniel Gultsch 2020-01-18 12:08:03 +01:00
parent b56f6fbf4c
commit e38a9cd729
10 changed files with 1807 additions and 1800 deletions

View file

@ -100,7 +100,7 @@ public final class Config {
public static final boolean REMOVE_BROKEN_DEVICES = false;
public static final boolean OMEMO_PADDING = false;
public static final boolean PUT_AUTH_TAG_INTO_KEY = true;
public static final boolean TWELVE_BYTE_IV = false;
public static final boolean TWELVE_BYTE_IV = true;
public static final boolean USE_BOOKMARKS2 = false;
@ -125,7 +125,7 @@ public final class Config {
public static final long MAM_MAX_CATCHUP = MILLISECONDS_IN_DAY * 5;
public static final int MAM_MAX_MESSAGES = 750;
public static final ChatState DEFAULT_CHATSTATE = ChatState.ACTIVE;
public static final ChatState DEFAULT_CHAT_STATE = ChatState.ACTIVE;
public static final int TYPING_TIMEOUT = 8;
public static final int EXPIRY_INTERVAL = 30 * 60 * 1000; // 30 minutes

View file

@ -79,16 +79,37 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
private final Map<Jid, Boolean> fetchDeviceListStatus = new HashMap<>();
private final HashMap<Jid, List<OnDeviceIdsFetched>> fetchDeviceIdsMap = new HashMap<>();
private final SerialSingleThreadExecutor executor;
private final Set<SignalProtocolAddress> healingAttempts = new HashSet<>();
private final HashSet<Integer> cleanedOwnDeviceIds = new HashSet<>();
private final Set<Integer> PREVIOUSLY_REMOVED_FROM_ANNOUNCEMENT = new HashSet<>();
private int numPublishTriesOnEmptyPep = 0;
private boolean pepBroken = false;
private final Set<SignalProtocolAddress> healingAttempts = new HashSet<>();
private int lastDeviceListNotificationHash = 0;
private final HashSet<Integer> cleanedOwnDeviceIds = new HashSet<>();
private Set<XmppAxolotlSession> postponedSessions = new HashSet<>(); //sessions stored here will receive after mam catchup treatment
private Set<SignalProtocolAddress> postponedHealing = new HashSet<>(); //addresses stored here will need a healing notification after mam catchup
private AtomicBoolean changeAccessMode = new AtomicBoolean(false);
public AxolotlService(Account account, XmppConnectionService connectionService) {
if (account == null || connectionService == null) {
throw new IllegalArgumentException("account and service cannot be null");
}
if (Security.getProvider("BC") == null) {
Security.addProvider(new BouncyCastleProvider());
}
this.mXmppConnectionService = connectionService;
this.account = account;
this.axolotlStore = new SQLiteAxolotlStore(this.account, this.mXmppConnectionService);
this.deviceIds = new HashMap<>();
this.messageCache = new HashMap<>();
this.sessions = new SessionMap(mXmppConnectionService, axolotlStore, account);
this.fetchStatusMap = new FetchStatusMap();
this.executor = new SerialSingleThreadExecutor("Axolotl");
}
public static String getLogprefix(Account account) {
return LOGPREFIX + " (" + account.getJid().asBareJid().toString() + "): ";
}
@Override
public void onAdvancedStreamFeaturesAvailable(Account account) {
if (Config.supportOmemo()
@ -106,7 +127,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
}
public boolean hasErrorFetchingDeviceList(List<Jid> jids) {
for(Jid jid : jids) {
for (Jid jid : jids) {
if (hasErrorFetchingDeviceList(jid)) {
return true;
}
@ -145,172 +166,6 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
return false;
}
private static class AxolotlAddressMap<T> {
protected Map<String, Map<Integer, T>> map;
protected final Object MAP_LOCK = new Object();
public AxolotlAddressMap() {
this.map = new HashMap<>();
}
public void put(SignalProtocolAddress address, T value) {
synchronized (MAP_LOCK) {
Map<Integer, T> devices = map.get(address.getName());
if (devices == null) {
devices = new HashMap<>();
map.put(address.getName(), devices);
}
devices.put(address.getDeviceId(), value);
}
}
public T get(SignalProtocolAddress address) {
synchronized (MAP_LOCK) {
Map<Integer, T> devices = map.get(address.getName());
if (devices == null) {
return null;
}
return devices.get(address.getDeviceId());
}
}
public Map<Integer, T> getAll(String name) {
synchronized (MAP_LOCK) {
Map<Integer, T> devices = map.get(name);
if (devices == null) {
return new HashMap<>();
}
return devices;
}
}
public boolean hasAny(SignalProtocolAddress address) {
synchronized (MAP_LOCK) {
Map<Integer, T> devices = map.get(address.getName());
return devices != null && !devices.isEmpty();
}
}
public void clear() {
map.clear();
}
}
private static class SessionMap extends AxolotlAddressMap<XmppAxolotlSession> {
private final XmppConnectionService xmppConnectionService;
private final Account account;
public SessionMap(XmppConnectionService service, SQLiteAxolotlStore store, Account account) {
super();
this.xmppConnectionService = service;
this.account = account;
this.fillMap(store);
}
public Set<Jid> findCounterpartsForSourceId(Integer sid) {
Set<Jid> candidates = new HashSet<>();
synchronized (MAP_LOCK) {
for(Map.Entry<String,Map<Integer,XmppAxolotlSession>> entry : map.entrySet()) {
String key = entry.getKey();
if (entry.getValue().containsKey(sid)) {
candidates.add(Jid.of(key));
}
}
}
return candidates;
}
private void putDevicesForJid(String bareJid, List<Integer> deviceIds, SQLiteAxolotlStore store) {
for (Integer deviceId : deviceIds) {
SignalProtocolAddress axolotlAddress = new SignalProtocolAddress(bareJid, deviceId);
IdentityKey identityKey = store.loadSession(axolotlAddress).getSessionState().getRemoteIdentityKey();
if (Config.X509_VERIFICATION) {
X509Certificate certificate = store.getFingerprintCertificate(CryptoHelper.bytesToHex(identityKey.getPublicKey().serialize()));
if (certificate != null) {
Bundle information = CryptoHelper.extractCertificateInformation(certificate);
try {
final String cn = information.getString("subject_cn");
final Jid jid = Jid.of(bareJid);
Log.d(Config.LOGTAG, "setting common name for " + jid + " to " + cn);
account.getRoster().getContact(jid).setCommonName(cn);
} catch (final IllegalArgumentException ignored) {
//ignored
}
}
}
this.put(axolotlAddress, new XmppAxolotlSession(account, store, axolotlAddress, identityKey));
}
}
private void fillMap(SQLiteAxolotlStore store) {
List<Integer> deviceIds = store.getSubDeviceSessions(account.getJid().asBareJid().toString());
putDevicesForJid(account.getJid().asBareJid().toString(), deviceIds, store);
for (String address : store.getKnownAddresses()) {
deviceIds = store.getSubDeviceSessions(address);
putDevicesForJid(address, deviceIds, store);
}
}
@Override
public void put(SignalProtocolAddress address, XmppAxolotlSession value) {
super.put(address, value);
value.setNotFresh();
}
public void put(XmppAxolotlSession session) {
this.put(session.getRemoteAddress(), session);
}
}
public enum FetchStatus {
PENDING,
SUCCESS,
SUCCESS_VERIFIED,
TIMEOUT,
SUCCESS_TRUSTED,
ERROR
}
private static class FetchStatusMap extends AxolotlAddressMap<FetchStatus> {
public void clearErrorFor(Jid jid) {
synchronized (MAP_LOCK) {
Map<Integer, FetchStatus> devices = this.map.get(jid.asBareJid().toString());
if (devices == null) {
return;
}
for (Map.Entry<Integer, FetchStatus> entry : devices.entrySet()) {
if (entry.getValue() == FetchStatus.ERROR) {
Log.d(Config.LOGTAG, "resetting error for " + jid.asBareJid() + "(" + entry.getKey() + ")");
entry.setValue(FetchStatus.TIMEOUT);
}
}
}
}
}
public static String getLogprefix(Account account) {
return LOGPREFIX + " (" + account.getJid().asBareJid().toString() + "): ";
}
public AxolotlService(Account account, XmppConnectionService connectionService) {
if (account == null || connectionService == null) {
throw new IllegalArgumentException("account and service cannot be null");
}
if (Security.getProvider("BC") == null) {
Security.addProvider(new BouncyCastleProvider());
}
this.mXmppConnectionService = connectionService;
this.account = account;
this.axolotlStore = new SQLiteAxolotlStore(this.account, this.mXmppConnectionService);
this.deviceIds = new HashMap<>();
this.messageCache = new HashMap<>();
this.sessions = new SessionMap(mXmppConnectionService, axolotlStore, account);
this.fetchStatusMap = new FetchStatusMap();
this.executor = new SerialSingleThreadExecutor("Axolotl");
}
public String getOwnFingerprint() {
return CryptoHelper.bytesToHex(axolotlStore.getIdentityKeyPair().getPublicKey().serialize());
}
@ -359,7 +214,6 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
return s;
}
public Collection<XmppAxolotlSession> findSessionsForContact(Contact contact) {
SignalProtocolAddress contactAddress = getAddressForJid(contact.getJid());
ArrayList<XmppAxolotlSession> s = new ArrayList<>(this.sessions.getAll(contactAddress.getName()).values());
@ -495,7 +349,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
mXmppConnectionService.updateAccountUi();
}
} else {
Log.d(Config.LOGTAG,"skipped device list update because it hasn't changed");
Log.d(Config.LOGTAG, "skipped device list update because it hasn't changed");
}
}
@ -610,7 +464,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
}
if (packet.getType() == IqPacket.TYPE.ERROR) {
if (preConditionNotMet) {
Log.d(Config.LOGTAG,account.getJid().asBareJid()+": device list pre condition still not met on second attempt");
Log.d(Config.LOGTAG, account.getJid().asBareJid() + ": device list pre condition still not met on second attempt");
} else if (error != null) {
pepBroken = true;
Log.d(Config.LOGTAG, getLogprefix(account) + "Error received while publishing own device id" + packet.findChild("error"));
@ -829,7 +683,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
}
} else if (packet.getType() == IqPacket.TYPE.ERROR) {
if (preconditionNotMet) {
Log.d(Config.LOGTAG,getLogprefix(account) + "bundle precondition still not met after second attempt");
Log.d(Config.LOGTAG, getLogprefix(account) + "bundle precondition still not met after second attempt");
} else {
Log.d(Config.LOGTAG, getLogprefix(account) + "Error received while publishing bundle: " + packet.toString());
}
@ -924,8 +778,6 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
}
}
private final Set<Integer> PREVIOUSLY_REMOVED_FROM_ANNOUNCEMENT = new HashSet<>();
private void finishBuildingSessionsFromPEP(final SignalProtocolAddress address) {
SignalProtocolAddress ownAddress = new SignalProtocolAddress(account.getJid().asBareJid().toString(), 0);
Map<Integer, FetchStatus> own = fetchStatusMap.getAll(ownAddress.getName());
@ -963,14 +815,6 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
return !hasAny(jid) && (!deviceIds.containsKey(jid) || deviceIds.get(jid).isEmpty());
}
public interface OnDeviceIdsFetched {
void fetched(Jid jid, Set<Integer> deviceIds);
}
public interface OnMultipleDeviceIdFetched {
void fetched();
}
public void fetchDeviceIds(final Jid jid) {
fetchDeviceIds(jid, null);
}
@ -1047,11 +891,6 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
}
}
interface OnSessionBuildFromPep {
void onSessionBuildSuccessful();
void onSessionBuildFailed();
}
private void buildSessionFromPEP(final SignalProtocolAddress address) {
buildSessionFromPEP(address, null);
}
@ -1153,7 +992,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
private void removeFromDeviceAnnouncement(Integer id) {
HashSet<Integer> temp = new HashSet<>(getOwnDeviceIds());
if (temp.remove(id)) {
Log.d(Config.LOGTAG,account.getJid().asBareJid()+" remove own device id "+id+" from announcement. devices left:"+temp);
Log.d(Config.LOGTAG, account.getJid().asBareJid() + " remove own device id " + id + " from announcement. devices left:" + temp);
publishOwnDeviceId(temp);
}
}
@ -1310,7 +1149,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
return false;
}
sessions.addAll(findOwnSessions());
for(XmppAxolotlSession session : sessions) {
for (XmppAxolotlSession session : sessions) {
axolotlMessage.addDevice(session);
}
return true;
@ -1399,7 +1238,6 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
private XmppAxolotlSession getReceivingSession(SignalProtocolAddress senderAddress) {
XmppAxolotlSession session = sessions.get(senderAddress);
if (session == null) {
//Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Account: " + account.getJid() + " No axolotl session found while parsing received message " + message);
session = recreateUncachedSession(senderAddress);
if (session == null) {
session = new XmppAxolotlSession(account, axolotlStore, senderAddress);
@ -1408,7 +1246,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
return session;
}
public XmppAxolotlMessage.XmppAxolotlPlaintextMessage processReceivingPayloadMessage(XmppAxolotlMessage message, boolean postponePreKeyMessageHandling) throws NotEncryptedForThisDeviceException, BrokenSessionException {
public XmppAxolotlMessage.XmppAxolotlPlaintextMessage processReceivingPayloadMessage(XmppAxolotlMessage message, boolean postponePreKeyMessageHandling) throws NotEncryptedForThisDeviceException, BrokenSessionException, OutdatedSenderException {
XmppAxolotlMessage.XmppAxolotlPlaintextMessage plaintextMessage = null;
XmppAxolotlSession session = getReceivingSession(message);
@ -1427,6 +1265,9 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
}
} catch (final BrokenSessionException e) {
throw e;
} catch (final OutdatedSenderException e) {
Log.e(Config.LOGTAG,account.getJid().asBareJid()+": "+e.getMessage());
throw e;
} catch (CryptoFailedException e) {
Log.w(Config.LOGTAG, getLogprefix(account) + "Failed to decrypt message from " + message.getFrom(), e);
}
@ -1439,7 +1280,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
}
public void reportBrokenSessionException(BrokenSessionException e, boolean postpone) {
Log.e(Config.LOGTAG,account.getJid().asBareJid()+": broken session with "+e.getSignalProtocolAddress().toString()+" detected", e);
Log.e(Config.LOGTAG, account.getJid().asBareJid() + ": broken session with " + e.getSignalProtocolAddress().toString() + " detected", e);
if (postpone) {
postponedHealing.add(e.getSignalProtocolAddress());
} else {
@ -1449,7 +1290,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
private void notifyRequiresHealing(final SignalProtocolAddress signalProtocolAddress) {
if (healingAttempts.add(signalProtocolAddress)) {
Log.d(Config.LOGTAG,account.getJid().asBareJid()+": attempt to heal "+signalProtocolAddress);
Log.d(Config.LOGTAG, account.getJid().asBareJid() + ": attempt to heal " + signalProtocolAddress);
buildSessionFromPEP(signalProtocolAddress, new OnSessionBuildFromPep() {
@Override
public void onSessionBuildSuccessful() {
@ -1463,7 +1304,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
}
});
} else {
Log.d(Config.LOGTAG,account.getJid().asBareJid()+": do not attempt to heal "+signalProtocolAddress+" again");
Log.d(Config.LOGTAG, account.getJid().asBareJid() + ": do not attempt to heal " + signalProtocolAddress + " again");
}
}
@ -1474,7 +1315,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
if (axolotlStore.flushPreKeys()) {
publishBundlesIfNeeded(false, false);
} else {
Log.d(Config.LOGTAG,account.getJid().asBareJid()+": nothing to flush. Not republishing key");
Log.d(Config.LOGTAG, account.getJid().asBareJid() + ": nothing to flush. Not republishing key");
}
if (trustedOrPreviouslyResponded(session)) {
completeSession(session);
@ -1503,7 +1344,6 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
}
}
private boolean trustedOrPreviouslyResponded(XmppAxolotlSession session) {
try {
return trustedOrPreviouslyResponded(Jid.of(session.getRemoteAddress().getName()));
@ -1533,7 +1373,6 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
}
}
public XmppAxolotlMessage.XmppAxolotlKeyTransportMessage processReceivingKeyTransportMessage(XmppAxolotlMessage message, final boolean postponePreKeyMessageHandling) {
final XmppAxolotlMessage.XmppAxolotlKeyTransportMessage keyTransportMessage;
final XmppAxolotlSession session = getReceivingSession(message);
@ -1565,4 +1404,164 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
}
}
}
public enum FetchStatus {
PENDING,
SUCCESS,
SUCCESS_VERIFIED,
TIMEOUT,
SUCCESS_TRUSTED,
ERROR
}
public interface OnDeviceIdsFetched {
void fetched(Jid jid, Set<Integer> deviceIds);
}
public interface OnMultipleDeviceIdFetched {
void fetched();
}
interface OnSessionBuildFromPep {
void onSessionBuildSuccessful();
void onSessionBuildFailed();
}
private static class AxolotlAddressMap<T> {
protected final Object MAP_LOCK = new Object();
protected Map<String, Map<Integer, T>> map;
public AxolotlAddressMap() {
this.map = new HashMap<>();
}
public void put(SignalProtocolAddress address, T value) {
synchronized (MAP_LOCK) {
Map<Integer, T> devices = map.get(address.getName());
if (devices == null) {
devices = new HashMap<>();
map.put(address.getName(), devices);
}
devices.put(address.getDeviceId(), value);
}
}
public T get(SignalProtocolAddress address) {
synchronized (MAP_LOCK) {
Map<Integer, T> devices = map.get(address.getName());
if (devices == null) {
return null;
}
return devices.get(address.getDeviceId());
}
}
public Map<Integer, T> getAll(String name) {
synchronized (MAP_LOCK) {
Map<Integer, T> devices = map.get(name);
if (devices == null) {
return new HashMap<>();
}
return devices;
}
}
public boolean hasAny(SignalProtocolAddress address) {
synchronized (MAP_LOCK) {
Map<Integer, T> devices = map.get(address.getName());
return devices != null && !devices.isEmpty();
}
}
public void clear() {
map.clear();
}
}
private static class SessionMap extends AxolotlAddressMap<XmppAxolotlSession> {
private final XmppConnectionService xmppConnectionService;
private final Account account;
public SessionMap(XmppConnectionService service, SQLiteAxolotlStore store, Account account) {
super();
this.xmppConnectionService = service;
this.account = account;
this.fillMap(store);
}
public Set<Jid> findCounterpartsForSourceId(Integer sid) {
Set<Jid> candidates = new HashSet<>();
synchronized (MAP_LOCK) {
for (Map.Entry<String, Map<Integer, XmppAxolotlSession>> entry : map.entrySet()) {
String key = entry.getKey();
if (entry.getValue().containsKey(sid)) {
candidates.add(Jid.of(key));
}
}
}
return candidates;
}
private void putDevicesForJid(String bareJid, List<Integer> deviceIds, SQLiteAxolotlStore store) {
for (Integer deviceId : deviceIds) {
SignalProtocolAddress axolotlAddress = new SignalProtocolAddress(bareJid, deviceId);
IdentityKey identityKey = store.loadSession(axolotlAddress).getSessionState().getRemoteIdentityKey();
if (Config.X509_VERIFICATION) {
X509Certificate certificate = store.getFingerprintCertificate(CryptoHelper.bytesToHex(identityKey.getPublicKey().serialize()));
if (certificate != null) {
Bundle information = CryptoHelper.extractCertificateInformation(certificate);
try {
final String cn = information.getString("subject_cn");
final Jid jid = Jid.of(bareJid);
Log.d(Config.LOGTAG, "setting common name for " + jid + " to " + cn);
account.getRoster().getContact(jid).setCommonName(cn);
} catch (final IllegalArgumentException ignored) {
//ignored
}
}
}
this.put(axolotlAddress, new XmppAxolotlSession(account, store, axolotlAddress, identityKey));
}
}
private void fillMap(SQLiteAxolotlStore store) {
List<Integer> deviceIds = store.getSubDeviceSessions(account.getJid().asBareJid().toString());
putDevicesForJid(account.getJid().asBareJid().toString(), deviceIds, store);
for (String address : store.getKnownAddresses()) {
deviceIds = store.getSubDeviceSessions(address);
putDevicesForJid(address, deviceIds, store);
}
}
@Override
public void put(SignalProtocolAddress address, XmppAxolotlSession value) {
super.put(address, value);
value.setNotFresh();
}
public void put(XmppAxolotlSession session) {
this.put(session.getRemoteAddress(), session);
}
}
private static class FetchStatusMap extends AxolotlAddressMap<FetchStatus> {
public void clearErrorFor(Jid jid) {
synchronized (MAP_LOCK) {
Map<Integer, FetchStatus> devices = this.map.get(jid.asBareJid().toString());
if (devices == null) {
return;
}
for (Map.Entry<Integer, FetchStatus> entry : devices.entrySet()) {
if (entry.getValue() == FetchStatus.ERROR) {
Log.d(Config.LOGTAG, "resetting error for " + jid.asBareJid() + "(" + entry.getKey() + ")");
entry.setValue(FetchStatus.TIMEOUT);
}
}
}
}
}
}

View file

@ -0,0 +1,8 @@
package eu.siacs.conversations.crypto.axolotl;
public class OutdatedSenderException extends CryptoFailedException {
public OutdatedSenderException(final String msg) {
super(msg);
}
}

View file

@ -38,14 +38,241 @@ public class XmppAxolotlMessage {
private static final String KEYTYPE = "AES";
private static final String CIPHERMODE = "AES/GCM/NoPadding";
private static final String PROVIDER = "BC";
private final List<XmppAxolotlSession.AxolotlKey> keys;
private final Jid from;
private final int sourceDeviceId;
private byte[] innerKey;
private byte[] ciphertext = null;
private byte[] authtagPlusInnerKey = null;
private byte[] iv = null;
private final List<XmppAxolotlSession.AxolotlKey> keys;
private final Jid from;
private final int sourceDeviceId;
private XmppAxolotlMessage(final Element axolotlMessage, final Jid from) throws IllegalArgumentException {
this.from = from;
Element header = axolotlMessage.findChild(HEADER);
try {
this.sourceDeviceId = Integer.parseInt(header.getAttribute(SOURCEID));
} catch (NumberFormatException e) {
throw new IllegalArgumentException("invalid source id");
}
List<Element> keyElements = header.getChildren();
this.keys = new ArrayList<>();
for (Element keyElement : keyElements) {
switch (keyElement.getName()) {
case KEYTAG:
try {
Integer recipientId = Integer.parseInt(keyElement.getAttribute(REMOTEID));
byte[] key = Base64.decode(keyElement.getContent().trim(), Base64.DEFAULT);
boolean isPreKey = keyElement.getAttributeAsBoolean("prekey");
this.keys.add(new XmppAxolotlSession.AxolotlKey(recipientId, key, isPreKey));
} catch (NumberFormatException e) {
throw new IllegalArgumentException("invalid remote id");
}
break;
case IVTAG:
if (this.iv != null) {
throw new IllegalArgumentException("Duplicate iv entry");
}
iv = Base64.decode(keyElement.getContent().trim(), Base64.DEFAULT);
break;
default:
Log.w(Config.LOGTAG, "Unexpected element in header: " + keyElement.toString());
break;
}
}
final Element payloadElement = axolotlMessage.findChildEnsureSingle(PAYLOAD, AxolotlService.PEP_PREFIX);
if (payloadElement != null) {
ciphertext = Base64.decode(payloadElement.getContent().trim(), Base64.DEFAULT);
}
}
XmppAxolotlMessage(Jid from, int sourceDeviceId) {
this.from = from;
this.sourceDeviceId = sourceDeviceId;
this.keys = new ArrayList<>();
this.iv = generateIv();
this.innerKey = generateKey();
}
public static int parseSourceId(final Element axolotlMessage) throws IllegalArgumentException {
final Element header = axolotlMessage.findChild(HEADER);
if (header == null) {
throw new IllegalArgumentException("No header found");
}
try {
return Integer.parseInt(header.getAttribute(SOURCEID));
} catch (NumberFormatException e) {
throw new IllegalArgumentException("invalid source id");
}
}
public static XmppAxolotlMessage fromElement(Element element, Jid from) {
return new XmppAxolotlMessage(element, from);
}
private static byte[] generateKey() {
try {
KeyGenerator generator = KeyGenerator.getInstance(KEYTYPE);
generator.init(128);
return generator.generateKey().getEncoded();
} catch (NoSuchAlgorithmException e) {
Log.e(Config.LOGTAG, e.getMessage());
return null;
}
}
private static byte[] generateIv() {
final SecureRandom random = new SecureRandom();
byte[] iv = new byte[Config.TWELVE_BYTE_IV ? 12 : 16];
random.nextBytes(iv);
return iv;
}
private static byte[] getPaddedBytes(String plaintext) {
int plainLength = plaintext.getBytes().length;
int pad = Math.max(64, (plainLength / 32 + 1) * 32) - plainLength;
SecureRandom random = new SecureRandom();
int left = random.nextInt(pad);
int right = pad - left;
StringBuilder builder = new StringBuilder(plaintext);
for (int i = 0; i < left; ++i) {
builder.insert(0, random.nextBoolean() ? "\t" : " ");
}
for (int i = 0; i < right; ++i) {
builder.append(random.nextBoolean() ? "\t" : " ");
}
return builder.toString().getBytes();
}
public boolean hasPayload() {
return ciphertext != null;
}
void encrypt(String plaintext) throws CryptoFailedException {
try {
SecretKey secretKey = new SecretKeySpec(innerKey, KEYTYPE);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
Cipher cipher = Compatibility.twentyEight() ? Cipher.getInstance(CIPHERMODE) : Cipher.getInstance(CIPHERMODE, PROVIDER);
cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
this.ciphertext = cipher.doFinal(Config.OMEMO_PADDING ? getPaddedBytes(plaintext) : plaintext.getBytes());
if (Config.PUT_AUTH_TAG_INTO_KEY && this.ciphertext != null) {
this.authtagPlusInnerKey = new byte[16 + 16];
byte[] ciphertext = new byte[this.ciphertext.length - 16];
System.arraycopy(this.ciphertext, 0, ciphertext, 0, ciphertext.length);
System.arraycopy(this.ciphertext, ciphertext.length, authtagPlusInnerKey, 16, 16);
System.arraycopy(this.innerKey, 0, authtagPlusInnerKey, 0, this.innerKey.length);
this.ciphertext = ciphertext;
}
} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException
| IllegalBlockSizeException | BadPaddingException | NoSuchProviderException
| InvalidAlgorithmParameterException e) {
throw new CryptoFailedException(e);
}
}
public Jid getFrom() {
return this.from;
}
int getSenderDeviceId() {
return sourceDeviceId;
}
void addDevice(XmppAxolotlSession session) {
addDevice(session, false);
}
void addDevice(XmppAxolotlSession session, boolean ignoreSessionTrust) {
XmppAxolotlSession.AxolotlKey key;
if (authtagPlusInnerKey != null) {
key = session.processSending(authtagPlusInnerKey, ignoreSessionTrust);
} else {
key = session.processSending(innerKey, ignoreSessionTrust);
}
if (key != null) {
keys.add(key);
}
}
public byte[] getInnerKey() {
return innerKey;
}
public byte[] getIV() {
return this.iv;
}
public Element toElement() {
Element encryptionElement = new Element(CONTAINERTAG, AxolotlService.PEP_PREFIX);
Element headerElement = encryptionElement.addChild(HEADER);
headerElement.setAttribute(SOURCEID, sourceDeviceId);
for (XmppAxolotlSession.AxolotlKey key : keys) {
Element keyElement = new Element(KEYTAG);
keyElement.setAttribute(REMOTEID, key.deviceId);
if (key.prekey) {
keyElement.setAttribute("prekey", "true");
}
keyElement.setContent(Base64.encodeToString(key.key, Base64.NO_WRAP));
headerElement.addChild(keyElement);
}
headerElement.addChild(IVTAG).setContent(Base64.encodeToString(iv, Base64.NO_WRAP));
if (ciphertext != null) {
Element payload = encryptionElement.addChild(PAYLOAD);
payload.setContent(Base64.encodeToString(ciphertext, Base64.NO_WRAP));
}
return encryptionElement;
}
private byte[] unpackKey(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {
ArrayList<XmppAxolotlSession.AxolotlKey> possibleKeys = new ArrayList<>();
for (XmppAxolotlSession.AxolotlKey key : keys) {
if (key.deviceId == sourceDeviceId) {
possibleKeys.add(key);
}
}
if (possibleKeys.size() == 0) {
throw new NotEncryptedForThisDeviceException();
}
return session.processReceiving(possibleKeys);
}
XmppAxolotlKeyTransportMessage getParameters(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {
return new XmppAxolotlKeyTransportMessage(session.getFingerprint(), unpackKey(session, sourceDeviceId), getIV());
}
public XmppAxolotlPlaintextMessage decrypt(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {
XmppAxolotlPlaintextMessage plaintextMessage = null;
byte[] key = unpackKey(session, sourceDeviceId);
if (key != null) {
try {
if (key.length < 32) {
throw new OutdatedSenderException("Key did not contain auth tag. Sender needs to update their OMEMO client");
}
final int authTagLength = key.length - 16;
byte[] newCipherText = new byte[key.length - 16 + ciphertext.length];
byte[] newKey = new byte[16];
System.arraycopy(ciphertext, 0, newCipherText, 0, ciphertext.length);
System.arraycopy(key, 16, newCipherText, ciphertext.length, authTagLength);
System.arraycopy(key, 0, newKey, 0, newKey.length);
ciphertext = newCipherText;
key = newKey;
final Cipher cipher = Compatibility.twentyEight() ? Cipher.getInstance(CIPHERMODE) : Cipher.getInstance(CIPHERMODE, PROVIDER);
SecretKeySpec keySpec = new SecretKeySpec(key, KEYTYPE);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
String plaintext = new String(cipher.doFinal(ciphertext));
plaintextMessage = new XmppAxolotlPlaintextMessage(Config.OMEMO_PADDING ? plaintext.trim() : plaintext, session.getFingerprint());
} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException
| InvalidAlgorithmParameterException | IllegalBlockSizeException
| BadPaddingException | NoSuchProviderException e) {
throw new CryptoFailedException(e);
}
}
return plaintextMessage;
}
public static class XmppAxolotlPlaintextMessage {
private final String plaintext;
@ -89,233 +316,4 @@ public class XmppAxolotlMessage {
return iv;
}
}
public static int parseSourceId(final Element axolotlMessage) throws IllegalArgumentException {
final Element header = axolotlMessage.findChild(HEADER);
if (header == null) {
throw new IllegalArgumentException("No header found");
}
try {
return Integer.parseInt(header.getAttribute(SOURCEID));
} catch (NumberFormatException e) {
throw new IllegalArgumentException("invalid source id");
}
}
private XmppAxolotlMessage(final Element axolotlMessage, final Jid from) throws IllegalArgumentException {
this.from = from;
Element header = axolotlMessage.findChild(HEADER);
try {
this.sourceDeviceId = Integer.parseInt(header.getAttribute(SOURCEID));
} catch (NumberFormatException e) {
throw new IllegalArgumentException("invalid source id");
}
List<Element> keyElements = header.getChildren();
this.keys = new ArrayList<>();
for (Element keyElement : keyElements) {
switch (keyElement.getName()) {
case KEYTAG:
try {
Integer recipientId = Integer.parseInt(keyElement.getAttribute(REMOTEID));
byte[] key = Base64.decode(keyElement.getContent().trim(), Base64.DEFAULT);
boolean isPreKey =keyElement.getAttributeAsBoolean("prekey");
this.keys.add(new XmppAxolotlSession.AxolotlKey(recipientId, key,isPreKey));
} catch (NumberFormatException e) {
throw new IllegalArgumentException("invalid remote id");
}
break;
case IVTAG:
if (this.iv != null) {
throw new IllegalArgumentException("Duplicate iv entry");
}
iv = Base64.decode(keyElement.getContent().trim(), Base64.DEFAULT);
break;
default:
Log.w(Config.LOGTAG, "Unexpected element in header: " + keyElement.toString());
break;
}
}
final Element payloadElement = axolotlMessage.findChildEnsureSingle(PAYLOAD, AxolotlService.PEP_PREFIX);
if (payloadElement != null) {
ciphertext = Base64.decode(payloadElement.getContent().trim(), Base64.DEFAULT);
}
}
XmppAxolotlMessage(Jid from, int sourceDeviceId) {
this.from = from;
this.sourceDeviceId = sourceDeviceId;
this.keys = new ArrayList<>();
this.iv = generateIv();
this.innerKey = generateKey();
}
public static XmppAxolotlMessage fromElement(Element element, Jid from) {
return new XmppAxolotlMessage(element, from);
}
private static byte[] generateKey() {
try {
KeyGenerator generator = KeyGenerator.getInstance(KEYTYPE);
generator.init(128);
return generator.generateKey().getEncoded();
} catch (NoSuchAlgorithmException e) {
Log.e(Config.LOGTAG, e.getMessage());
return null;
}
}
private static byte[] generateIv() {
final SecureRandom random = new SecureRandom();
byte[] iv = new byte[Config.TWELVE_BYTE_IV ? 12 : 16];
random.nextBytes(iv);
return iv;
}
public boolean hasPayload() {
return ciphertext != null;
}
void encrypt(String plaintext) throws CryptoFailedException {
try {
SecretKey secretKey = new SecretKeySpec(innerKey, KEYTYPE);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
Cipher cipher = Compatibility.twentyEight() ? Cipher.getInstance(CIPHERMODE) : Cipher.getInstance(CIPHERMODE, PROVIDER);
cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
this.ciphertext = cipher.doFinal(Config.OMEMO_PADDING ? getPaddedBytes(plaintext) : plaintext.getBytes());
if (Config.PUT_AUTH_TAG_INTO_KEY && this.ciphertext != null) {
this.authtagPlusInnerKey = new byte[16+16];
byte[] ciphertext = new byte[this.ciphertext.length - 16];
System.arraycopy(this.ciphertext,0,ciphertext,0,ciphertext.length);
System.arraycopy(this.ciphertext,ciphertext.length,authtagPlusInnerKey,16,16);
System.arraycopy(this.innerKey,0,authtagPlusInnerKey,0,this.innerKey.length);
this.ciphertext = ciphertext;
}
} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException
| IllegalBlockSizeException | BadPaddingException | NoSuchProviderException
| InvalidAlgorithmParameterException e) {
throw new CryptoFailedException(e);
}
}
private static byte[] getPaddedBytes(String plaintext) {
int plainLength = plaintext.getBytes().length;
int pad = Math.max(64,(plainLength / 32 + 1) * 32) - plainLength;
SecureRandom random = new SecureRandom();
int left = random.nextInt(pad);
int right = pad - left;
StringBuilder builder = new StringBuilder(plaintext);
for(int i = 0; i < left; ++i) {
builder.insert(0,random.nextBoolean() ? "\t" : " ");
}
for(int i = 0; i < right; ++i) {
builder.append(random.nextBoolean() ? "\t" : " ");
}
return builder.toString().getBytes();
}
public Jid getFrom() {
return this.from;
}
int getSenderDeviceId() {
return sourceDeviceId;
}
void addDevice(XmppAxolotlSession session) {
addDevice(session, false);
}
void addDevice(XmppAxolotlSession session, boolean ignoreSessionTrust) {
XmppAxolotlSession.AxolotlKey key;
if (authtagPlusInnerKey != null) {
key = session.processSending(authtagPlusInnerKey, ignoreSessionTrust);
} else {
key = session.processSending(innerKey, ignoreSessionTrust);
}
if (key != null) {
keys.add(key);
}
}
public byte[] getInnerKey() {
return innerKey;
}
public byte[] getIV() {
return this.iv;
}
public Element toElement() {
Element encryptionElement = new Element(CONTAINERTAG, AxolotlService.PEP_PREFIX);
Element headerElement = encryptionElement.addChild(HEADER);
headerElement.setAttribute(SOURCEID, sourceDeviceId);
for(XmppAxolotlSession.AxolotlKey key : keys) {
Element keyElement = new Element(KEYTAG);
keyElement.setAttribute(REMOTEID, key.deviceId);
if (key.prekey) {
keyElement.setAttribute("prekey","true");
}
keyElement.setContent(Base64.encodeToString(key.key, Base64.NO_WRAP));
headerElement.addChild(keyElement);
}
headerElement.addChild(IVTAG).setContent(Base64.encodeToString(iv, Base64.NO_WRAP));
if (ciphertext != null) {
Element payload = encryptionElement.addChild(PAYLOAD);
payload.setContent(Base64.encodeToString(ciphertext, Base64.NO_WRAP));
}
return encryptionElement;
}
private byte[] unpackKey(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {
ArrayList<XmppAxolotlSession.AxolotlKey> possibleKeys = new ArrayList<>();
for(XmppAxolotlSession.AxolotlKey key : keys) {
if (key.deviceId == sourceDeviceId) {
possibleKeys.add(key);
}
}
if (possibleKeys.size() == 0) {
throw new NotEncryptedForThisDeviceException();
}
return session.processReceiving(possibleKeys);
}
XmppAxolotlKeyTransportMessage getParameters(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {
return new XmppAxolotlKeyTransportMessage(session.getFingerprint(), unpackKey(session, sourceDeviceId), getIV());
}
public XmppAxolotlPlaintextMessage decrypt(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {
XmppAxolotlPlaintextMessage plaintextMessage = null;
byte[] key = unpackKey(session, sourceDeviceId);
if (key != null) {
try {
//TODO remove support for *not* having auth tag in key
if (key.length >= 32) {
int authtaglength = key.length - 16;
Log.d(Config.LOGTAG,"found auth tag as part of omemo key");
byte[] newCipherText = new byte[key.length - 16 + ciphertext.length];
byte[] newKey = new byte[16];
System.arraycopy(ciphertext, 0, newCipherText, 0, ciphertext.length);
System.arraycopy(key, 16, newCipherText, ciphertext.length, authtaglength);
System.arraycopy(key,0,newKey,0,newKey.length);
ciphertext = newCipherText;
key = newKey;
}
Cipher cipher = Compatibility.twentyEight() ? Cipher.getInstance(CIPHERMODE) : Cipher.getInstance(CIPHERMODE, PROVIDER);
SecretKeySpec keySpec = new SecretKeySpec(key, KEYTYPE);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
String plaintext = new String(cipher.doFinal(ciphertext));
plaintextMessage = new XmppAxolotlPlaintextMessage(Config.OMEMO_PADDING ? plaintext.trim() : plaintext, session.getFingerprint());
} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException
| InvalidAlgorithmParameterException | IllegalBlockSizeException
| BadPaddingException | NoSuchProviderException e) {
throw new CryptoFailedException(e);
}
}
return plaintextMessage;
}
}

View file

@ -76,8 +76,8 @@ public class Conversation extends AbstractEntity implements Blockable, Comparabl
private Jid nextCounterpart;
private transient MucOptions mucOptions = null;
private boolean messagesLeftOnServer = true;
private ChatState mOutgoingChatState = Config.DEFAULT_CHATSTATE;
private ChatState mIncomingChatState = Config.DEFAULT_CHATSTATE;
private ChatState mOutgoingChatState = Config.DEFAULT_CHAT_STATE;
private ChatState mIncomingChatState = Config.DEFAULT_CHAT_STATE;
private String mFirstMamReference = null;
public Conversation(final String name, final Account account, final Jid contactJid,

View file

@ -94,7 +94,7 @@ public class MucOptions {
public void resetChatState() {
synchronized (users) {
for (User user : users) {
user.chatState = Config.DEFAULT_CHATSTATE;
user.chatState = Config.DEFAULT_CHAT_STATE;
}
}
}
@ -746,7 +746,7 @@ public class MucOptions {
private long pgpKeyId = 0;
private Avatar avatar;
private MucOptions options;
private ChatState chatState = Config.DEFAULT_CHATSTATE;
private ChatState chatState = Config.DEFAULT_CHAT_STATE;
public User(MucOptions options, Jid fullJid) {
this.options = options;

View file

@ -19,6 +19,7 @@ import eu.siacs.conversations.R;
import eu.siacs.conversations.crypto.axolotl.AxolotlService;
import eu.siacs.conversations.crypto.axolotl.BrokenSessionException;
import eu.siacs.conversations.crypto.axolotl.NotEncryptedForThisDeviceException;
import eu.siacs.conversations.crypto.axolotl.OutdatedSenderException;
import eu.siacs.conversations.crypto.axolotl.XmppAxolotlMessage;
import eu.siacs.conversations.entities.Account;
import eu.siacs.conversations.entities.Bookmark;
@ -140,6 +141,8 @@ public class MessageParser extends AbstractParser implements OnMessagePacketRece
}
} catch (NotEncryptedForThisDeviceException e) {
return new Message(conversation, "", Message.ENCRYPTION_AXOLOTL_NOT_FOR_THIS_DEVICE, status);
} catch (OutdatedSenderException e) {
return new Message(conversation, "", Message.ENCRYPTION_AXOLOTL_FAILED, status);
}
if (plaintextMessage != null) {
Message finishedMessage = new Message(conversation, plaintextMessage.getPlaintext(), Message.ENCRYPTION_AXOLOTL, status);

View file

@ -34,7 +34,6 @@ import android.provider.ContactsContract;
import android.security.KeyChain;
import android.support.annotation.BoolRes;
import android.support.annotation.IntegerRes;
import android.support.annotation.NonNull;
import android.support.v4.app.RemoteInput;
import android.support.v4.content.ContextCompat;
import android.text.TextUtils;
@ -1515,7 +1514,7 @@ public class XmppConnectionService extends Service {
if (delay) {
mMessageGenerator.addDelay(packet, message.getTimeSent());
}
if (conversation.setOutgoingChatState(Config.DEFAULT_CHATSTATE)) {
if (conversation.setOutgoingChatState(Config.DEFAULT_CHAT_STATE)) {
if (this.sendChatStates()) {
packet.addChild(ChatState.toElement(conversation.getOutgoingChatState()));
}
@ -2514,7 +2513,7 @@ public class XmppConnectionService extends Service {
if (conversation.getMode() == Conversation.MODE_MULTI) {
conversation.getMucOptions().resetChatState();
} else {
conversation.setIncomingChatState(Config.DEFAULT_CHATSTATE);
conversation.setIncomingChatState(Config.DEFAULT_CHAT_STATE);
}
}
for (Account account : getAccounts()) {

View file

@ -1721,7 +1721,7 @@ public class ConversationFragment extends XmppFragment implements EditMessage.Ke
}
public void privateMessageWith(final Jid counterpart) {
if (conversation.setOutgoingChatState(Config.DEFAULT_CHATSTATE)) {
if (conversation.setOutgoingChatState(Config.DEFAULT_CHAT_STATE)) {
activity.xmppConnectionService.sendChatState(conversation);
}
this.binding.textinput.setText("");
@ -1859,7 +1859,7 @@ public class ConversationFragment extends XmppFragment implements EditMessage.Ke
}
private void updateChatState(final Conversation conversation, final String msg) {
ChatState state = msg.length() == 0 ? Config.DEFAULT_CHATSTATE : ChatState.PAUSED;
ChatState state = msg.length() == 0 ? Config.DEFAULT_CHAT_STATE : ChatState.PAUSED;
Account.State status = conversation.getAccount().getStatus();
if (status == Account.State.ONLINE && conversation.setOutgoingChatState(state)) {
activity.xmppConnectionService.sendChatState(conversation);
@ -2619,7 +2619,7 @@ public class ConversationFragment extends XmppFragment implements EditMessage.Ke
return;
}
Account.State status = conversation.getAccount().getStatus();
if (status == Account.State.ONLINE && conversation.setOutgoingChatState(Config.DEFAULT_CHATSTATE)) {
if (status == Account.State.ONLINE && conversation.setOutgoingChatState(Config.DEFAULT_CHAT_STATE)) {
service.sendChatState(conversation);
}
if (storeNextMessage()) {

View file

@ -31,7 +31,7 @@
<resources>
<string name="pref_about_message" translatable="false">
Conversations • the very last word in instant messaging.
\n\nCopyright © 2014-2019 Daniel Gultsch
\n\nCopyright © 2014-2020 Daniel Gultsch
\n\nThis program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or