package eu.siacs.conversations.crypto.axolotl; import android.util.Base64; import android.util.Log; import org.whispersystems.libaxolotl.AxolotlAddress; import org.whispersystems.libaxolotl.DuplicateMessageException; import org.whispersystems.libaxolotl.IdentityKey; import org.whispersystems.libaxolotl.IdentityKeyPair; import org.whispersystems.libaxolotl.InvalidKeyException; import org.whispersystems.libaxolotl.InvalidKeyIdException; import org.whispersystems.libaxolotl.InvalidMessageException; import org.whispersystems.libaxolotl.InvalidVersionException; import org.whispersystems.libaxolotl.LegacyMessageException; import org.whispersystems.libaxolotl.NoSessionException; import org.whispersystems.libaxolotl.SessionBuilder; import org.whispersystems.libaxolotl.SessionCipher; import org.whispersystems.libaxolotl.UntrustedIdentityException; import org.whispersystems.libaxolotl.ecc.Curve; import org.whispersystems.libaxolotl.ecc.ECKeyPair; import org.whispersystems.libaxolotl.ecc.ECPublicKey; import org.whispersystems.libaxolotl.protocol.CiphertextMessage; import org.whispersystems.libaxolotl.protocol.PreKeyWhisperMessage; import org.whispersystems.libaxolotl.protocol.WhisperMessage; import org.whispersystems.libaxolotl.state.AxolotlStore; import org.whispersystems.libaxolotl.state.PreKeyBundle; import org.whispersystems.libaxolotl.state.PreKeyRecord; import org.whispersystems.libaxolotl.state.SessionRecord; import org.whispersystems.libaxolotl.state.SignedPreKeyRecord; import org.whispersystems.libaxolotl.util.KeyHelper; import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Random; import java.util.Set; import eu.siacs.conversations.Config; import eu.siacs.conversations.entities.Account; import eu.siacs.conversations.entities.Contact; import eu.siacs.conversations.entities.Conversation; import eu.siacs.conversations.parser.IqParser; import eu.siacs.conversations.services.XmppConnectionService; import eu.siacs.conversations.xml.Element; import eu.siacs.conversations.xmpp.OnIqPacketReceived; import eu.siacs.conversations.xmpp.jid.InvalidJidException; import eu.siacs.conversations.xmpp.jid.Jid; import eu.siacs.conversations.xmpp.stanzas.IqPacket; public class AxolotlService { public static final String PEP_PREFIX = "eu.siacs.conversations.axolotl"; public static final String PEP_DEVICE_LIST = PEP_PREFIX + ".devicelist"; public static final String PEP_BUNDLES = PEP_PREFIX + ".bundles"; public static final int NUM_KEYS_TO_PUBLISH = 10; private final Account account; private final XmppConnectionService mXmppConnectionService; private final SQLiteAxolotlStore axolotlStore; private final SessionMap sessions; private final BundleMap bundleCache; private final Map> deviceIds; private int ownDeviceId; public static class SQLiteAxolotlStore implements AxolotlStore { public static final String PREKEY_TABLENAME = "prekeys"; public static final String SIGNED_PREKEY_TABLENAME = "signed_prekeys"; public static final String SESSION_TABLENAME = "sessions"; public static final String IDENTITIES_TABLENAME = "identities"; public static final String ACCOUNT = "account"; public static final String DEVICE_ID = "device_id"; public static final String ID = "id"; public static final String KEY = "key"; public static final String NAME = "name"; public static final String TRUSTED = "trusted"; public static final String OWN = "ownkey"; public static final String JSONKEY_IDENTITY_KEY_PAIR = "axolotl_key"; public static final String JSONKEY_REGISTRATION_ID = "axolotl_reg_id"; public static final String JSONKEY_CURRENT_PREKEY_ID = "axolotl_cur_prekey_id"; private final Account account; private final XmppConnectionService mXmppConnectionService; private IdentityKeyPair identityKeyPair; private final int localRegistrationId; private int currentPreKeyId = 0; private static IdentityKeyPair generateIdentityKeyPair() { Log.d(Config.LOGTAG, "Generating axolotl IdentityKeyPair..."); ECKeyPair identityKeyPairKeys = Curve.generateKeyPair(); IdentityKeyPair ownKey = new IdentityKeyPair(new IdentityKey(identityKeyPairKeys.getPublicKey()), identityKeyPairKeys.getPrivateKey()); return ownKey; } private static int generateRegistrationId() { Log.d(Config.LOGTAG, "Generating axolotl registration ID..."); int reg_id = KeyHelper.generateRegistrationId(false); return reg_id; } public SQLiteAxolotlStore(Account account, XmppConnectionService service) { this.account = account; this.mXmppConnectionService = service; this.localRegistrationId = loadRegistrationId(); this.currentPreKeyId = loadCurrentPreKeyId(); for (SignedPreKeyRecord record : loadSignedPreKeys()) { Log.d(Config.LOGTAG, "Got Axolotl signed prekey record:" + record.getId()); } } public int getCurrentPreKeyId() { return currentPreKeyId; } // -------------------------------------- // IdentityKeyStore // -------------------------------------- private IdentityKeyPair loadIdentityKeyPair() { String ownName = account.getJid().toBareJid().toString(); IdentityKeyPair ownKey = mXmppConnectionService.databaseBackend.loadOwnIdentityKeyPair(account, ownName); if (ownKey != null) { return ownKey; } else { Log.d(Config.LOGTAG, "Could not retrieve axolotl key for account " + ownName); ownKey = generateIdentityKeyPair(); mXmppConnectionService.databaseBackend.storeOwnIdentityKeyPair(account, ownName, ownKey); } return ownKey; } private int loadRegistrationId() { String regIdString = this.account.getKey(JSONKEY_REGISTRATION_ID); int reg_id; if (regIdString != null) { reg_id = Integer.valueOf(regIdString); } else { Log.d(Config.LOGTAG, "Could not retrieve axolotl registration id for account " + account.getJid()); reg_id = generateRegistrationId(); boolean success = this.account.setKey(JSONKEY_REGISTRATION_ID, Integer.toString(reg_id)); if (success) { mXmppConnectionService.databaseBackend.updateAccount(account); } else { Log.e(Config.LOGTAG, "Failed to write new key to the database!"); } } return reg_id; } private int loadCurrentPreKeyId() { String regIdString = this.account.getKey(JSONKEY_CURRENT_PREKEY_ID); int reg_id; if (regIdString != null) { reg_id = Integer.valueOf(regIdString); } else { Log.d(Config.LOGTAG, "Could not retrieve current prekey id for account " + account.getJid()); reg_id = 0; } return reg_id; } /** * Get the local client's identity key pair. * * @return The local client's persistent identity key pair. */ @Override public IdentityKeyPair getIdentityKeyPair() { if(identityKeyPair == null) { identityKeyPair = loadIdentityKeyPair(); } return identityKeyPair; } /** * Return the local client's registration ID. *

* Clients should maintain a registration ID, a random number * between 1 and 16380 that's generated once at install time. * * @return the local client's registration ID. */ @Override public int getLocalRegistrationId() { return localRegistrationId; } /** * Save a remote client's identity key *

* Store a remote client's identity key as trusted. * * @param name The name of the remote client. * @param identityKey The remote client's identity key. */ @Override public void saveIdentity(String name, IdentityKey identityKey) { if(!mXmppConnectionService.databaseBackend.loadIdentityKeys(account, name).contains(identityKey)) { mXmppConnectionService.databaseBackend.storeIdentityKey(account, name, identityKey); } } /** * Verify a remote client's identity key. *

* Determine whether a remote client's identity is trusted. Convention is * that the TextSecure protocol is 'trust on first use.' This means that * an identity key is considered 'trusted' if there is no entry for the recipient * in the local store, or if it matches the saved key for a recipient in the local * store. Only if it mismatches an entry in the local store is it considered * 'untrusted.' * * @param name The name of the remote client. * @param identityKey The identity key to verify. * @return true if trusted, false if untrusted. */ @Override public boolean isTrustedIdentity(String name, IdentityKey identityKey) { Set trustedKeys = mXmppConnectionService.databaseBackend.loadIdentityKeys(account, name); return trustedKeys.isEmpty() || trustedKeys.contains(identityKey); } // -------------------------------------- // SessionStore // -------------------------------------- /** * Returns a copy of the {@link SessionRecord} corresponding to the recipientId + deviceId tuple, * or a new SessionRecord if one does not currently exist. *

* It is important that implementations return a copy of the current durable information. The * returned SessionRecord may be modified, but those changes should not have an effect on the * durable session state (what is returned by subsequent calls to this method) without the * store method being called here first. * * @param address The name and device ID of the remote client. * @return a copy of the SessionRecord corresponding to the recipientId + deviceId tuple, or * a new SessionRecord if one does not currently exist. */ @Override public SessionRecord loadSession(AxolotlAddress address) { SessionRecord session = mXmppConnectionService.databaseBackend.loadSession(this.account, address); return (session != null) ? session : new SessionRecord(); } /** * Returns all known devices with active sessions for a recipient * * @param name the name of the client. * @return all known sub-devices with active sessions. */ @Override public List getSubDeviceSessions(String name) { return mXmppConnectionService.databaseBackend.getSubDeviceSessions(account, new AxolotlAddress(name, 0)); } /** * Commit to storage the {@link SessionRecord} for a given recipientId + deviceId tuple. * * @param address the address of the remote client. * @param record the current SessionRecord for the remote client. */ @Override public void storeSession(AxolotlAddress address, SessionRecord record) { mXmppConnectionService.databaseBackend.storeSession(account, address, record); } /** * Determine whether there is a committed {@link SessionRecord} for a recipientId + deviceId tuple. * * @param address the address of the remote client. * @return true if a {@link SessionRecord} exists, false otherwise. */ @Override public boolean containsSession(AxolotlAddress address) { return mXmppConnectionService.databaseBackend.containsSession(account, address); } /** * Remove a {@link SessionRecord} for a recipientId + deviceId tuple. * * @param address the address of the remote client. */ @Override public void deleteSession(AxolotlAddress address) { mXmppConnectionService.databaseBackend.deleteSession(account, address); } /** * Remove the {@link SessionRecord}s corresponding to all devices of a recipientId. * * @param name the name of the remote client. */ @Override public void deleteAllSessions(String name) { mXmppConnectionService.databaseBackend.deleteAllSessions(account, new AxolotlAddress(name, 0)); } public boolean isTrustedSession(AxolotlAddress address) { return mXmppConnectionService.databaseBackend.isTrustedSession(this.account, address); } public void setTrustedSession(AxolotlAddress address, boolean trusted) { mXmppConnectionService.databaseBackend.setTrustedSession(this.account, address, trusted); } // -------------------------------------- // PreKeyStore // -------------------------------------- /** * Load a local PreKeyRecord. * * @param preKeyId the ID of the local PreKeyRecord. * @return the corresponding PreKeyRecord. * @throws InvalidKeyIdException when there is no corresponding PreKeyRecord. */ @Override public PreKeyRecord loadPreKey(int preKeyId) throws InvalidKeyIdException { PreKeyRecord record = mXmppConnectionService.databaseBackend.loadPreKey(account, preKeyId); if (record == null) { throw new InvalidKeyIdException("No such PreKeyRecord: " + preKeyId); } return record; } /** * Store a local PreKeyRecord. * * @param preKeyId the ID of the PreKeyRecord to store. * @param record the PreKeyRecord. */ @Override public void storePreKey(int preKeyId, PreKeyRecord record) { mXmppConnectionService.databaseBackend.storePreKey(account, record); currentPreKeyId = preKeyId; boolean success = this.account.setKey(JSONKEY_CURRENT_PREKEY_ID, Integer.toString(preKeyId)); if (success) { mXmppConnectionService.databaseBackend.updateAccount(account); } else { Log.e(Config.LOGTAG, "Failed to write new prekey id to the database!"); } } /** * @param preKeyId A PreKeyRecord ID. * @return true if the store has a record for the preKeyId, otherwise false. */ @Override public boolean containsPreKey(int preKeyId) { return mXmppConnectionService.databaseBackend.containsPreKey(account, preKeyId); } /** * Delete a PreKeyRecord from local storage. * * @param preKeyId The ID of the PreKeyRecord to remove. */ @Override public void removePreKey(int preKeyId) { mXmppConnectionService.databaseBackend.deletePreKey(account, preKeyId); } // -------------------------------------- // SignedPreKeyStore // -------------------------------------- /** * Load a local SignedPreKeyRecord. * * @param signedPreKeyId the ID of the local SignedPreKeyRecord. * @return the corresponding SignedPreKeyRecord. * @throws InvalidKeyIdException when there is no corresponding SignedPreKeyRecord. */ @Override public SignedPreKeyRecord loadSignedPreKey(int signedPreKeyId) throws InvalidKeyIdException { SignedPreKeyRecord record = mXmppConnectionService.databaseBackend.loadSignedPreKey(account, signedPreKeyId); if (record == null) { throw new InvalidKeyIdException("No such SignedPreKeyRecord: " + signedPreKeyId); } return record; } /** * Load all local SignedPreKeyRecords. * * @return All stored SignedPreKeyRecords. */ @Override public List loadSignedPreKeys() { return mXmppConnectionService.databaseBackend.loadSignedPreKeys(account); } /** * Store a local SignedPreKeyRecord. * * @param signedPreKeyId the ID of the SignedPreKeyRecord to store. * @param record the SignedPreKeyRecord. */ @Override public void storeSignedPreKey(int signedPreKeyId, SignedPreKeyRecord record) { mXmppConnectionService.databaseBackend.storeSignedPreKey(account, record); } /** * @param signedPreKeyId A SignedPreKeyRecord ID. * @return true if the store has a record for the signedPreKeyId, otherwise false. */ @Override public boolean containsSignedPreKey(int signedPreKeyId) { return mXmppConnectionService.databaseBackend.containsSignedPreKey(account, signedPreKeyId); } /** * Delete a SignedPreKeyRecord from local storage. * * @param signedPreKeyId The ID of the SignedPreKeyRecord to remove. */ @Override public void removeSignedPreKey(int signedPreKeyId) { mXmppConnectionService.databaseBackend.deleteSignedPreKey(account, signedPreKeyId); } } public static class XmppAxolotlSession { private SessionCipher cipher; private boolean isTrusted = false; private SQLiteAxolotlStore sqLiteAxolotlStore; private AxolotlAddress remoteAddress; public XmppAxolotlSession(SQLiteAxolotlStore store, AxolotlAddress remoteAddress) { this.cipher = new SessionCipher(store, remoteAddress); this.remoteAddress = remoteAddress; this.sqLiteAxolotlStore = store; this.isTrusted = sqLiteAxolotlStore.isTrustedSession(remoteAddress); } public void trust() { sqLiteAxolotlStore.setTrustedSession(remoteAddress, true); this.isTrusted = true; } public boolean isTrusted() { return this.isTrusted; } public byte[] processReceiving(XmppAxolotlMessage.XmppAxolotlMessageHeader incomingHeader) { byte[] plaintext = null; try { try { PreKeyWhisperMessage message = new PreKeyWhisperMessage(incomingHeader.getContents()); Log.d(Config.LOGTAG, "PreKeyWhisperMessage ID:" + message.getSignedPreKeyId() + "/" + message.getPreKeyId()); plaintext = cipher.decrypt(message); } catch (InvalidMessageException | InvalidVersionException e) { WhisperMessage message = new WhisperMessage(incomingHeader.getContents()); plaintext = cipher.decrypt(message); } catch (InvalidKeyException | InvalidKeyIdException | UntrustedIdentityException e) { Log.d(Config.LOGTAG, "Error decrypting axolotl header, "+e.getClass().getName()+": " + e.getMessage()); } } catch (LegacyMessageException | InvalidMessageException e) { Log.d(Config.LOGTAG, "Error decrypting axolotl header, "+e.getClass().getName()+": " + e.getMessage()); } catch (DuplicateMessageException | NoSessionException e) { Log.d(Config.LOGTAG, "Error decrypting axolotl header, "+e.getClass().getName()+": " + e.getMessage()); } return plaintext; } public XmppAxolotlMessage.XmppAxolotlMessageHeader processSending(byte[] outgoingMessage) { CiphertextMessage ciphertextMessage = cipher.encrypt(outgoingMessage); XmppAxolotlMessage.XmppAxolotlMessageHeader header = new XmppAxolotlMessage.XmppAxolotlMessageHeader(remoteAddress.getDeviceId(), ciphertextMessage.serialize()); return header; } } private static class AxolotlAddressMap { protected Map> map; protected final Object MAP_LOCK = new Object(); public AxolotlAddressMap() { this.map = new HashMap<>(); } public void put(AxolotlAddress address, T value) { synchronized (MAP_LOCK) { Map devices = map.get(address.getName()); if (devices == null) { devices = new HashMap<>(); map.put(address.getName(), devices); } devices.put(address.getDeviceId(), value); } } public T get(AxolotlAddress address) { synchronized (MAP_LOCK) { Map devices = map.get(address.getName()); if (devices == null) { return null; } return devices.get(address.getDeviceId()); } } public Map getAll(AxolotlAddress address) { synchronized (MAP_LOCK) { Map devices = map.get(address.getName()); if (devices == null) { return new HashMap<>(); } return devices; } } public boolean hasAny(AxolotlAddress address) { synchronized (MAP_LOCK) { Map devices = map.get(address.getName()); return devices != null && !devices.isEmpty(); } } } private static class SessionMap extends AxolotlAddressMap { public SessionMap(SQLiteAxolotlStore store, Account account) { super(); this.fillMap(store, account); } private void fillMap(SQLiteAxolotlStore store, Account account) { for (Contact contact : account.getRoster().getContacts()) { Jid bareJid = contact.getJid().toBareJid(); if (bareJid == null) { continue; // FIXME: handle this? } String address = bareJid.toString(); List deviceIDs = store.getSubDeviceSessions(address); for (Integer deviceId : deviceIDs) { AxolotlAddress axolotlAddress = new AxolotlAddress(address, deviceId); this.put(axolotlAddress, new XmppAxolotlSession(store, axolotlAddress)); } } } } private static class BundleMap extends AxolotlAddressMap { } public AxolotlService(Account account, XmppConnectionService connectionService) { this.mXmppConnectionService = connectionService; this.account = account; this.axolotlStore = new SQLiteAxolotlStore(this.account, this.mXmppConnectionService); this.deviceIds = new HashMap<>(); this.sessions = new SessionMap(axolotlStore, account); this.bundleCache = new BundleMap(); this.ownDeviceId = axolotlStore.getLocalRegistrationId(); } public void trustSession(AxolotlAddress counterpart) { XmppAxolotlSession session = sessions.get(counterpart); if (session != null) { session.trust(); } } public boolean isTrustedSession(AxolotlAddress counterpart) { XmppAxolotlSession session = sessions.get(counterpart); return session != null && session.isTrusted(); } private AxolotlAddress getAddressForJid(Jid jid) { return new AxolotlAddress(jid.toString(), 0); } private Set findOwnSessions() { AxolotlAddress ownAddress = getAddressForJid(account.getJid().toBareJid()); Set ownDeviceSessions = new HashSet<>(this.sessions.getAll(ownAddress).values()); return ownDeviceSessions; } private Set findSessionsforContact(Contact contact) { AxolotlAddress contactAddress = getAddressForJid(contact.getJid()); Set sessions = new HashSet<>(this.sessions.getAll(contactAddress).values()); return sessions; } private boolean hasAny(Contact contact) { AxolotlAddress contactAddress = getAddressForJid(contact.getJid()); return sessions.hasAny(contactAddress); } public int getOwnDeviceId() { return ownDeviceId; } public void registerDevices(final Jid jid, final Set deviceIds) { for(Integer i:deviceIds) { Log.d(Config.LOGTAG, "Adding Device ID:"+ jid + ":"+i); } this.deviceIds.put(jid, deviceIds); } public void publishOwnDeviceIdIfNeeded() { IqPacket packet = mXmppConnectionService.getIqGenerator().retrieveDeviceIds(account.getJid().toBareJid()); mXmppConnectionService.sendIqPacket(account, packet, new OnIqPacketReceived() { @Override public void onIqPacketReceived(Account account, IqPacket packet) { Element item = mXmppConnectionService.getIqParser().getItem(packet); Set deviceIds = mXmppConnectionService.getIqParser().deviceIds(item); if (deviceIds == null) { deviceIds = new HashSet(); } if (!deviceIds.contains(getOwnDeviceId())) { deviceIds.add(getOwnDeviceId()); IqPacket publish = mXmppConnectionService.getIqGenerator().publishDeviceIds(deviceIds); Log.d(Config.LOGTAG, "Own device " + getOwnDeviceId() + " not in PEP devicelist. Publishing: " + publish); mXmppConnectionService.sendIqPacket(account, publish, new OnIqPacketReceived() { @Override public void onIqPacketReceived(Account account, IqPacket packet) { // TODO: implement this! } }); } } }); } private boolean validateBundle(PreKeyBundle bundle) { if (bundle == null || bundle.getIdentityKey() == null || bundle.getSignedPreKey() == null || bundle.getSignedPreKeySignature() == null) { return false; } try { SignedPreKeyRecord signedPreKeyRecord = axolotlStore.loadSignedPreKey(bundle.getSignedPreKeyId()); IdentityKey identityKey = axolotlStore.getIdentityKeyPair().getPublicKey(); Log.d(Config.LOGTAG,"own identity key:"+identityKey.getFingerprint()+", foreign: "+bundle.getIdentityKey().getFingerprint()); Log.d(Config.LOGTAG,"bundle: "+Boolean.toString(bundle.getSignedPreKey().equals(signedPreKeyRecord.getKeyPair().getPublicKey())) +" " + Boolean.toString(Arrays.equals(bundle.getSignedPreKeySignature(), signedPreKeyRecord.getSignature())) +" " + Boolean.toString( bundle.getIdentityKey().equals(identityKey))); return bundle.getSignedPreKey().equals(signedPreKeyRecord.getKeyPair().getPublicKey()) && Arrays.equals(bundle.getSignedPreKeySignature(), signedPreKeyRecord.getSignature()) && bundle.getIdentityKey().equals(identityKey); } catch (InvalidKeyIdException ignored) { return false; } } private boolean validatePreKeys(Map keys) { if(keys == null) { return false; } for(Integer id:keys.keySet()) { try { PreKeyRecord preKeyRecord = axolotlStore.loadPreKey(id); if(!preKeyRecord.getKeyPair().getPublicKey().equals(keys.get(id))) { return false; } } catch (InvalidKeyIdException ignored) { return false; } } return true; } public void publishBundlesIfNeeded() { IqPacket packet = mXmppConnectionService.getIqGenerator().retrieveBundlesForDevice(account.getJid().toBareJid(), ownDeviceId); mXmppConnectionService.sendIqPacket(account, packet, new OnIqPacketReceived() { @Override public void onIqPacketReceived(Account account, IqPacket packet) { PreKeyBundle bundle = mXmppConnectionService.getIqParser().bundle(packet); Map keys = mXmppConnectionService.getIqParser().preKeyPublics(packet); SignedPreKeyRecord signedPreKeyRecord; List preKeyRecords; if (!validateBundle(bundle) || keys.isEmpty() || !validatePreKeys(keys)) { int numSignedPreKeys = axolotlStore.loadSignedPreKeys().size(); try { signedPreKeyRecord = KeyHelper.generateSignedPreKey( axolotlStore.getIdentityKeyPair(), numSignedPreKeys + 1); axolotlStore.storeSignedPreKey(signedPreKeyRecord.getId(), signedPreKeyRecord); preKeyRecords = KeyHelper.generatePreKeys( axolotlStore.getCurrentPreKeyId(), NUM_KEYS_TO_PUBLISH); for (PreKeyRecord record : preKeyRecords) { axolotlStore.storePreKey(record.getId(), record); } IqPacket publish = mXmppConnectionService.getIqGenerator().publishBundles( signedPreKeyRecord, axolotlStore.getIdentityKeyPair().getPublicKey(), preKeyRecords, ownDeviceId); Log.d(Config.LOGTAG, "Bundle " + getOwnDeviceId() + " not in PEP. Publishing: " + publish); mXmppConnectionService.sendIqPacket(account, publish, new OnIqPacketReceived() { @Override public void onIqPacketReceived(Account account, IqPacket packet) { // TODO: implement this! Log.d(Config.LOGTAG, "Published bundle, got: " + packet); } }); } catch (InvalidKeyException e) { Log.e(Config.LOGTAG, "Failed to publish bundle " + getOwnDeviceId() + ", reason: " + e.getMessage()); return; } } } }); } public boolean isContactAxolotlCapable(Contact contact) { Jid jid = contact.getJid().toBareJid(); AxolotlAddress address = new AxolotlAddress(jid.toString(), 0); return sessions.hasAny(address) || ( deviceIds.containsKey(jid) && !deviceIds.get(jid).isEmpty()); } private void buildSessionFromPEP(final Conversation conversation, final AxolotlAddress address) { Log.d(Config.LOGTAG, "Building new sesstion for " + address.getDeviceId()); try { IqPacket bundlesPacket = mXmppConnectionService.getIqGenerator().retrieveBundlesForDevice( Jid.fromString(address.getName()), address.getDeviceId()); Log.d(Config.LOGTAG, "Retrieving bundle: " + bundlesPacket); mXmppConnectionService.sendIqPacket(account, bundlesPacket, new OnIqPacketReceived() { @Override public void onIqPacketReceived(Account account, IqPacket packet) { Log.d(Config.LOGTAG, "Received preKey IQ packet, processing..."); final IqParser parser = mXmppConnectionService.getIqParser(); final List preKeyBundleList = parser.preKeys(packet); final PreKeyBundle bundle = parser.bundle(packet); if (preKeyBundleList.isEmpty() || bundle == null) { Log.d(Config.LOGTAG, "preKey IQ packet invalid: " + packet); fetchStatusMap.put(address, FetchStatus.ERROR); return; } Random random = new Random(); final PreKeyBundle preKey = preKeyBundleList.get(random.nextInt(preKeyBundleList.size())); if (preKey == null) { //should never happen fetchStatusMap.put(address, FetchStatus.ERROR); return; } final PreKeyBundle preKeyBundle = new PreKeyBundle(0, address.getDeviceId(), preKey.getPreKeyId(), preKey.getPreKey(), bundle.getSignedPreKeyId(), bundle.getSignedPreKey(), bundle.getSignedPreKeySignature(), bundle.getIdentityKey()); axolotlStore.saveIdentity(address.getName(), bundle.getIdentityKey()); try { SessionBuilder builder = new SessionBuilder(axolotlStore, address); builder.process(preKeyBundle); XmppAxolotlSession session = new XmppAxolotlSession(axolotlStore, address); sessions.put(address, session); fetchStatusMap.put(address, FetchStatus.SUCCESS); } catch (UntrustedIdentityException|InvalidKeyException e) { Log.d(Config.LOGTAG, "Error building session for " + address + ": " + e.getClass().getName() + ", " + e.getMessage()); fetchStatusMap.put(address, FetchStatus.ERROR); } AxolotlAddress ownAddress = new AxolotlAddress(conversation.getAccount().getJid().toBareJid().toString(),0); AxolotlAddress foreignAddress = new AxolotlAddress(conversation.getJid().toBareJid().toString(),0); if (!fetchStatusMap.getAll(ownAddress).containsValue(FetchStatus.PENDING) && !fetchStatusMap.getAll(foreignAddress).containsValue(FetchStatus.PENDING)) { conversation.findUnsentMessagesWithEncryption(Message.ENCRYPTION_AXOLOTL, new Conversation.OnMessageFound() { @Override public void onMessageFound(Message message) { processSending(message); } }); } } }); } catch (InvalidJidException e) { Log.e(Config.LOGTAG,"Got address with invalid jid: " + address.getName()); } } private void createSessionsIfNeeded(Contact contact) throws NoSessionsCreatedException { Log.d(Config.LOGTAG, "Creating axolotl sessions if needed..."); AxolotlAddress address = new AxolotlAddress(contact.getJid().toBareJid().toString(), 0); for(Integer deviceId: bundleCache.getAll(address).keySet()) { Log.d(Config.LOGTAG, "Processing device ID: " + deviceId); AxolotlAddress remoteAddress = new AxolotlAddress(contact.getJid().toBareJid().toString(), deviceId); if(sessions.get(remoteAddress) == null) { Log.d(Config.LOGTAG, "Building new sesstion for " + deviceId); SessionBuilder builder = new SessionBuilder(this.axolotlStore, remoteAddress); try { builder.process(bundleCache.get(remoteAddress)); XmppAxolotlSession session = new XmppAxolotlSession(this.axolotlStore, remoteAddress); sessions.put(remoteAddress, session); } catch (InvalidKeyException e) { Log.d(Config.LOGTAG, "Error building session for " + deviceId+ ": InvalidKeyException, " +e.getMessage()); } catch (UntrustedIdentityException e) { Log.d(Config.LOGTAG, "Error building session for " + deviceId+ ": UntrustedIdentityException, " +e.getMessage()); } } else { Log.d(Config.LOGTAG, "Already have session for " + deviceId); } } if(!this.hasAny(contact)) { Log.e(Config.LOGTAG, "No Axolotl sessions available!"); throw new NoSessionsCreatedException(); // FIXME: proper error handling } } public XmppAxolotlMessage processSending(Contact contact, String outgoingMessage) throws NoSessionsCreatedException { XmppAxolotlMessage message = new XmppAxolotlMessage(contact, ownDeviceId, outgoingMessage); createSessionsIfNeeded(contact); Log.d(Config.LOGTAG, "Building axolotl foreign headers..."); for(XmppAxolotlSession session : findSessionsforContact(contact)) { // if(!session.isTrusted()) { // TODO: handle this properly // continue; // } message.addHeader(session.processSending(message.getInnerKey())); } Log.d(Config.LOGTAG, "Building axolotl own headers..."); for(XmppAxolotlSession session : findOwnSessions()) { // if(!session.isTrusted()) { // TODO: handle this properly // continue; // } message.addHeader(session.processSending(message.getInnerKey())); } return message; } public XmppAxolotlMessage.XmppAxolotlPlaintextMessage processReceiving(XmppAxolotlMessage message) { XmppAxolotlMessage.XmppAxolotlPlaintextMessage plaintextMessage = null; AxolotlAddress senderAddress = new AxolotlAddress(message.getContact().getJid().toBareJid().toString(), message.getSenderDeviceId()); XmppAxolotlSession session = sessions.get(senderAddress); if (session == null) { Log.d(Config.LOGTAG, "No axolotl session found while parsing received message " + message); // TODO: handle this properly session = new XmppAxolotlSession(axolotlStore, senderAddress); } for(XmppAxolotlMessage.XmppAxolotlMessageHeader header : message.getHeaders()) { if (header.getRecipientDeviceId() == ownDeviceId) { Log.d(Config.LOGTAG, "Found axolotl header matching own device ID, processing..."); byte[] payloadKey = session.processReceiving(header); if (payloadKey != null) { Log.d(Config.LOGTAG, "Got payload key from axolotl header. Decrypting message..."); plaintextMessage = message.decrypt(session, payloadKey); } } } return plaintextMessage; } }