narayana/anotherim
narayana/anotherim
3
2
Fork 0
Code Issues 3 Pull requests 2 Actions Packages Projects Releases 4 Wiki Activity
anotherim/src/main/java/eu/siacs/conversations/crypto/axolotl/XmppAxolotlMessage.java

321 lines
11 KiB
Java
Raw Normal View History

CryptoNext persistance layer mockup Initial sketch of the peripheral storage infrastructure for the new axolotl-based encryption scheme.
2015-05-29 09:17:26 +00:00
package eu.siacs.conversations.crypto.axolotl;
Reworked axolotl protocol layer Numerous fixes
2015-06-25 14:56:34 +00:00
import android.util.Base64;
Change to new wire protocol version
2015-07-31 15:59:41 +00:00
import android.util.Log;
properly handle key transport messages. use prekeyparsing only when that attribute is set
2018-01-18 19:58:55 +00:00
import android.util.SparseArray;
Reworked axolotl protocol layer Numerous fixes
2015-06-25 14:56:34 +00:00
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
Optimize imports
2015-07-20 12:26:29 +00:00
import java.security.NoSuchAlgorithmException;
Switch payload encryption to AES-GCM This also ensures that the IV is generated with proper randomness.
2015-07-20 23:15:32 +00:00
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
handle decrypting/encrypting of omemo messages with duplicate device ids
2019-01-05 14:34:19 +00:00
import java.util.ArrayList;
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
import java.util.List;
Reworked axolotl protocol layer Numerous fixes
2015-06-25 14:56:34 +00:00
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
Change to new wire protocol version
2015-07-31 15:59:41 +00:00
import eu.siacs.conversations.Config;
do not use BC provider on android 22+
2018-09-17 15:47:36 +00:00
import eu.siacs.conversations.utils.Compatibility;
Reworked axolotl protocol layer Numerous fixes
2015-06-25 14:56:34 +00:00
import eu.siacs.conversations.xml.Element;
migrate to xmpp-addr
2018-03-05 17:30:40 +00:00
import rocks.xmpp.addr.Jid;
Reworked axolotl protocol layer Numerous fixes
2015-06-25 14:56:34 +00:00
CryptoNext persistance layer mockup Initial sketch of the peripheral storage infrastructure for the new axolotl-based encryption scheme.
2015-05-29 09:17:26 +00:00
public class XmppAxolotlMessage {
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
public static final String CONTAINERTAG = "encrypted";
go back to 16 byte IVs for OMEMO clients like Dino can’t handle 12 byte IVs
2018-10-04 20:32:37 +00:00
private static final String HEADER = "header";
private static final String SOURCEID = "sid";
private static final String KEYTAG = "key";
private static final String REMOTEID = "rid";
private static final String IVTAG = "iv";
private static final String PAYLOAD = "payload";
Change to new wire protocol version
2015-07-31 15:59:41 +00:00
private static final String KEYTYPE = "AES";
private static final String CIPHERMODE = "AES/GCM/NoPadding";
private static final String PROVIDER = "BC";
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
private byte[] innerKey;
Change to new wire protocol version
2015-07-31 15:59:41 +00:00
private byte[] ciphertext = null;
treat omemo keys >= 32 bytes as containing auth tag. add config flag to put auth tag in key
2017-01-09 20:47:07 +00:00
private byte[] authtagPlusInnerKey = null;
Change to new wire protocol version
2015-07-31 15:59:41 +00:00
private byte[] iv = null;
handle decrypting/encrypting of omemo messages with duplicate device ids
2019-01-05 14:34:19 +00:00
private final List<XmppAxolotlSession.AxolotlKey> keys;
Properly track message sender Previously, the sender was assumed to be the conversation counterpart. This broke carboned own-device messages. We now track the sender properly, and also set the status (sent by one of the own devices vs received from the counterpart) accordingly.
2015-07-03 11:27:35 +00:00
private final Jid from;
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
private final int sourceDeviceId;
public static class XmppAxolotlPlaintextMessage {
private final String plaintext;
Overhauled Message tagging Messages are now tagged with the IdentityKey fingerprint of the originating session. IdentityKeys have one of three trust states: undecided (default), trusted, and untrusted/not yet trusted.
2015-07-09 12:23:17 +00:00
private final String fingerprint;
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
go back to 16 byte IVs for OMEMO clients like Dino can’t handle 12 byte IVs
2018-10-04 20:32:37 +00:00
XmppAxolotlPlaintextMessage(String plaintext, String fingerprint) {
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
this.plaintext = plaintext;
Overhauled Message tagging Messages are now tagged with the IdentityKey fingerprint of the originating session. IdentityKeys have one of three trust states: undecided (default), trusted, and untrusted/not yet trusted.
2015-07-09 12:23:17 +00:00
this.fingerprint = fingerprint;
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
public String getPlaintext() {
return plaintext;
}
Tag messages with originating session This can be used later in order to display trust status of messages, as well as for potential resending of messages in case of preKey conflicts.
2015-06-29 12:25:23 +00:00
Overhauled Message tagging Messages are now tagged with the IdentityKey fingerprint of the originating session. IdentityKeys have one of three trust states: undecided (default), trusted, and untrusted/not yet trusted.
2015-07-09 12:23:17 +00:00
public String getFingerprint() {
return fingerprint;
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Provide process function for key transport message
2015-07-31 21:28:09 +00:00
public static class XmppAxolotlKeyTransportMessage {
private final String fingerprint;
private final byte[] key;
private final byte[] iv;
go back to 16 byte IVs for OMEMO clients like Dino can’t handle 12 byte IVs
2018-10-04 20:32:37 +00:00
XmppAxolotlKeyTransportMessage(String fingerprint, byte[] key, byte[] iv) {
Provide process function for key transport message
2015-07-31 21:28:09 +00:00
this.fingerprint = fingerprint;
this.key = key;
this.iv = iv;
}
public String getFingerprint() {
return fingerprint;
}
public byte[] getKey() {
return key;
}
public byte[] getIv() {
return iv;
}
}
figure out fallbacks with omemo source id
2018-03-22 12:26:35 +00:00
public static int parseSourceId(final Element axolotlMessage) throws IllegalArgumentException {
final Element header = axolotlMessage.findChild(HEADER);
if (header == null) {
throw new IllegalArgumentException("No header found");
}
try {
return Integer.parseInt(header.getAttribute(SOURCEID));
} catch (NumberFormatException e) {
throw new IllegalArgumentException("invalid source id");
}
}
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
private XmppAxolotlMessage(final Element axolotlMessage, final Jid from) throws IllegalArgumentException {
Properly track message sender Previously, the sender was assumed to be the conversation counterpart. This broke carboned own-device messages. We now track the sender properly, and also set the status (sent by one of the own devices vs received from the counterpart) accordingly.
2015-07-03 11:27:35 +00:00
this.from = from;
Change to new wire protocol version
2015-07-31 15:59:41 +00:00
Element header = axolotlMessage.findChild(HEADER);
be more careful parsing integers in omemo
2016-10-06 20:05:18 +00:00
try {
this.sourceDeviceId = Integer.parseInt(header.getAttribute(SOURCEID));
} catch (NumberFormatException e) {
throw new IllegalArgumentException("invalid source id");
}
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
List<Element> keyElements = header.getChildren();
handle decrypting/encrypting of omemo messages with duplicate device ids
2019-01-05 14:34:19 +00:00
this.keys = new ArrayList<>();
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
for (Element keyElement : keyElements) {
Reformat code
2015-07-31 16:05:32 +00:00
switch (keyElement.getName()) {
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
case KEYTAG:
try {
Integer recipientId = Integer.parseInt(keyElement.getAttribute(REMOTEID));
don't crash on broken base64 in omemo messages. fixes #1934
2016-06-29 15:18:57 +00:00
byte[] key = Base64.decode(keyElement.getContent().trim(), Base64.DEFAULT);
adding prekey='true' to omemo messages if applicable
2017-01-09 19:20:02 +00:00
boolean isPreKey =keyElement.getAttributeAsBoolean("prekey");
handle decrypting/encrypting of omemo messages with duplicate device ids
2019-01-05 14:34:19 +00:00
this.keys.add(new XmppAxolotlSession.AxolotlKey(recipientId, key,isPreKey));
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
} catch (NumberFormatException e) {
be more careful parsing integers in omemo
2016-10-06 20:05:18 +00:00
throw new IllegalArgumentException("invalid remote id");
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
break;
Change to new wire protocol version
2015-07-31 15:59:41 +00:00
case IVTAG:
Reformat code
2015-07-31 16:05:32 +00:00
if (this.iv != null) {
Change to new wire protocol version
2015-07-31 15:59:41 +00:00
throw new IllegalArgumentException("Duplicate iv entry");
}
don't crash on broken base64 in omemo messages. fixes #1934
2016-06-29 15:18:57 +00:00
iv = Base64.decode(keyElement.getContent().trim(), Base64.DEFAULT);
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
break;
default:
Reformat code
2015-07-31 16:05:32 +00:00
Log.w(Config.LOGTAG, "Unexpected element in header: " + keyElement.toString());
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
break;
}
}
show language in message bubble if multiple language variants were received XML and by inheritence XMPP has the feature of transmitting multiple language variants for the same content. This can be really useful if, for example, you are talking to an automated system. A chat bot could greet you in your own language. On the wire this will usually look like this: ```xml <message to="you"> <body>Good morning</body> <body xml:lang="de">Guten Morgen</body> </message> ``` However receiving such a message in a group chat can be very confusing and potentially dangerous if the sender puts conflicting information in there and different people get shown different strings. Disabeling support for localization entirely isn’t an ideal solution as on principle it is still a good feature; and other clients might still show a localization even if Conversations would always show the default language. So instead Conversations now shows the displayed language in a corner of the message bubble if more than one translation has been received. If multiple languages are received Conversations will attempt to find one in the language the operating system is set to. If no such translation can be found it will attempt to display the English string. If English can not be found either (for example a message that only has ru and fr on a phone that is set to de) it will display what ever language came first. Furthermore Conversations will discard (not show at all) messages with with multiple bodies of the same language. (This is considered an invalid message) The lanuage tag will not be shown if Conversations received a single body in a language not understood by the user. (For example operating system set to 'de' and message received with one body in 'ru' will just display that body as usual.) As a guide line to the user: If you are reading a message where it is important that this message is not interpreted differently by different people (like a vote (+1 / -1) in a chat room) make sure it has *no* language tag.
2019-09-12 08:12:47 +00:00
Element payloadElement = axolotlMessage.findChild(PAYLOAD); //TODO make sure we only have _one_ paypload
Reformat code
2015-07-31 16:05:32 +00:00
if (payloadElement != null) {
don't crash on broken base64 in omemo messages. fixes #1934
2016-06-29 15:18:57 +00:00
ciphertext = Base64.decode(payloadElement.getContent().trim(), Base64.DEFAULT);
Change to new wire protocol version
2015-07-31 15:59:41 +00:00
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
go back to 16 byte IVs for OMEMO clients like Dino can’t handle 12 byte IVs
2018-10-04 20:32:37 +00:00
XmppAxolotlMessage(Jid from, int sourceDeviceId) {
Properly track message sender Previously, the sender was assumed to be the conversation counterpart. This broke carboned own-device messages. We now track the sender properly, and also set the status (sent by one of the own devices vs received from the counterpart) accordingly.
2015-07-03 11:27:35 +00:00
this.from = from;
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
this.sourceDeviceId = sourceDeviceId;
handle decrypting/encrypting of omemo messages with duplicate device ids
2019-01-05 14:34:19 +00:00
this.keys = new ArrayList<>();
Change to new wire protocol version
2015-07-31 15:59:41 +00:00
this.iv = generateIv();
this.innerKey = generateKey();
}
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
public static XmppAxolotlMessage fromElement(Element element, Jid from) {
return new XmppAxolotlMessage(element, from);
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Change to new wire protocol version
2015-07-31 15:59:41 +00:00
private static byte[] generateKey() {
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
try {
Change to new wire protocol version
2015-07-31 15:59:41 +00:00
KeyGenerator generator = KeyGenerator.getInstance(KEYTYPE);
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
generator.init(128);
Change to new wire protocol version
2015-07-31 15:59:41 +00:00
return generator.generateKey().getEncoded();
} catch (NoSuchAlgorithmException e) {
Log.e(Config.LOGTAG, e.getMessage());
return null;
}
}
private static byte[] generateIv() {
SecureRandom random = new SecureRandom();
revert 12 byte ivs that got commited by accident
2018-11-21 15:44:24 +00:00
byte[] iv = new byte[16];
Change to new wire protocol version
2015-07-31 15:59:41 +00:00
random.nextBytes(iv);
return iv;
}
properly handle key transport messages. use prekeyparsing only when that attribute is set
2018-01-18 19:58:55 +00:00
public boolean hasPayload() {
return ciphertext != null;
}
go back to 16 byte IVs for OMEMO clients like Dino can’t handle 12 byte IVs
2018-10-04 20:32:37 +00:00
void encrypt(String plaintext) throws CryptoFailedException {
Change to new wire protocol version
2015-07-31 15:59:41 +00:00
try {
SecretKey secretKey = new SecretKeySpec(innerKey, KEYTYPE);
Switch payload encryption to AES-GCM This also ensures that the IV is generated with proper randomness.
2015-07-20 23:15:32 +00:00
IvParameterSpec ivSpec = new IvParameterSpec(iv);
use bouncycastle provider up to api 27 apparently using conscrypt on Android below version 7? throws an exception when using 16 byte IVs. so we now use BC when ever possible (excluding api 28) we don’t know why Conscrypt behaves differently on various android versions
2018-10-11 02:36:32 +00:00
Cipher cipher = Compatibility.twentyEight() ? Cipher.getInstance(CIPHERMODE) : Cipher.getInstance(CIPHERMODE, PROVIDER);
Switch payload encryption to AES-GCM This also ensures that the IV is generated with proper randomness.
2015-07-20 23:15:32 +00:00
cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
added omemo padding but disabled by Config.java flag
2016-12-20 15:12:12 +00:00
this.ciphertext = cipher.doFinal(Config.OMEMO_PADDING ? getPaddedBytes(plaintext) : plaintext.getBytes());
treat omemo keys >= 32 bytes as containing auth tag. add config flag to put auth tag in key
2017-01-09 20:47:07 +00:00
if (Config.PUT_AUTH_TAG_INTO_KEY && this.ciphertext != null) {
this.authtagPlusInnerKey = new byte[16+16];
byte[] ciphertext = new byte[this.ciphertext.length - 16];
System.arraycopy(this.ciphertext,0,ciphertext,0,ciphertext.length);
System.arraycopy(this.ciphertext,ciphertext.length,authtagPlusInnerKey,16,16);
System.arraycopy(this.innerKey,0,authtagPlusInnerKey,0,this.innerKey.length);
this.ciphertext = ciphertext;
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException
Switch payload encryption to AES-GCM This also ensures that the IV is generated with proper randomness.
2015-07-20 23:15:32 +00:00
| IllegalBlockSizeException | BadPaddingException | NoSuchProviderException
| InvalidAlgorithmParameterException e) {
throw new CryptoFailedException(e);
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
}
added omemo padding but disabled by Config.java flag
2016-12-20 15:12:12 +00:00
private static byte[] getPaddedBytes(String plaintext) {
int plainLength = plaintext.getBytes().length;
int pad = Math.max(64,(plainLength / 32 + 1) * 32) - plainLength;
SecureRandom random = new SecureRandom();
int left = random.nextInt(pad);
int right = pad - left;
StringBuilder builder = new StringBuilder(plaintext);
for(int i = 0; i < left; ++i) {
builder.insert(0,random.nextBoolean() ? "\t" : " ");
}
for(int i = 0; i < right; ++i) {
builder.append(random.nextBoolean() ? "\t" : " ");
}
return builder.toString().getBytes();
}
Properly track message sender Previously, the sender was assumed to be the conversation counterpart. This broke carboned own-device messages. We now track the sender properly, and also set the status (sent by one of the own devices vs received from the counterpart) accordingly.
2015-07-03 11:27:35 +00:00
public Jid getFrom() {
return this.from;
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
make session completion work with untrusted devices as well
2018-05-09 07:24:31 +00:00
int getSenderDeviceId() {
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
return sourceDeviceId;
}
make session completion work with untrusted devices as well
2018-05-09 07:24:31 +00:00
void addDevice(XmppAxolotlSession session) {
addDevice(session, false);
}
void addDevice(XmppAxolotlSession session, boolean ignoreSessionTrust) {
treat omemo keys >= 32 bytes as containing auth tag. add config flag to put auth tag in key
2017-01-09 20:47:07 +00:00
XmppAxolotlSession.AxolotlKey key;
if (authtagPlusInnerKey != null) {
make session completion work with untrusted devices as well
2018-05-09 07:24:31 +00:00
key = session.processSending(authtagPlusInnerKey, ignoreSessionTrust);
treat omemo keys >= 32 bytes as containing auth tag. add config flag to put auth tag in key
2017-01-09 20:47:07 +00:00
} else {
make session completion work with untrusted devices as well
2018-05-09 07:24:31 +00:00
key = session.processSending(innerKey, ignoreSessionTrust);
treat omemo keys >= 32 bytes as containing auth tag. add config flag to put auth tag in key
2017-01-09 20:47:07 +00:00
}
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
if (key != null) {
handle decrypting/encrypting of omemo messages with duplicate device ids
2019-01-05 14:34:19 +00:00
keys.add(key);
Add purge axolotl key option Can now long-press a key to permanently purge it.
2015-07-20 20:18:24 +00:00
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Reformat code
2015-07-31 16:05:32 +00:00
public byte[] getInnerKey() {
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
return innerKey;
}
public byte[] getIV() {
return this.iv;
}
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
public Element toElement() {
Element encryptionElement = new Element(CONTAINERTAG, AxolotlService.PEP_PREFIX);
Change to new wire protocol version
2015-07-31 15:59:41 +00:00
Element headerElement = encryptionElement.addChild(HEADER);
headerElement.setAttribute(SOURCEID, sourceDeviceId);
handle decrypting/encrypting of omemo messages with duplicate device ids
2019-01-05 14:34:19 +00:00
for(XmppAxolotlSession.AxolotlKey key : keys) {
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
Element keyElement = new Element(KEYTAG);
handle decrypting/encrypting of omemo messages with duplicate device ids
2019-01-05 14:34:19 +00:00
keyElement.setAttribute(REMOTEID, key.deviceId);
if (key.prekey) {
adding prekey='true' to omemo messages if applicable
2017-01-09 19:20:02 +00:00
keyElement.setAttribute("prekey","true");
}
handle decrypting/encrypting of omemo messages with duplicate device ids
2019-01-05 14:34:19 +00:00
keyElement.setContent(Base64.encodeToString(key.key, Base64.NO_WRAP));
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
headerElement.addChild(keyElement);
Change to new wire protocol version
2015-07-31 15:59:41 +00:00
}
use base64.nowrap for omemo keys
2016-11-17 09:58:44 +00:00
headerElement.addChild(IVTAG).setContent(Base64.encodeToString(iv, Base64.NO_WRAP));
Reformat code
2015-07-31 16:05:32 +00:00
if (ciphertext != null) {
Change to new wire protocol version
2015-07-31 15:59:41 +00:00
Element payload = encryptionElement.addChild(PAYLOAD);
use base64.nowrap for omemo keys
2016-11-17 09:58:44 +00:00
payload.setContent(Base64.encodeToString(ciphertext, Base64.NO_WRAP));
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Change to new wire protocol version
2015-07-31 15:59:41 +00:00
return encryptionElement;
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
partially improved logging for receiving omemo messages
2017-01-14 17:10:04 +00:00
private byte[] unpackKey(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {
handle decrypting/encrypting of omemo messages with duplicate device ids
2019-01-05 14:34:19 +00:00
ArrayList<XmppAxolotlSession.AxolotlKey> possibleKeys = new ArrayList<>();
for(XmppAxolotlSession.AxolotlKey key : keys) {
if (key.deviceId == sourceDeviceId) {
possibleKeys.add(key);
}
}
if (possibleKeys.size() == 0) {
create dedicated exception for not encrypted for this device
2018-04-04 07:11:53 +00:00
throw new NotEncryptedForThisDeviceException();
partially improved logging for receiving omemo messages
2017-01-14 17:10:04 +00:00
}
handle decrypting/encrypting of omemo messages with duplicate device ids
2019-01-05 14:34:19 +00:00
return session.processReceiving(possibleKeys);
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
go back to 16 byte IVs for OMEMO clients like Dino can’t handle 12 byte IVs
2018-10-04 20:32:37 +00:00
XmppAxolotlKeyTransportMessage getParameters(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {
partially improved logging for receiving omemo messages
2017-01-14 17:10:04 +00:00
return new XmppAxolotlKeyTransportMessage(session.getFingerprint(), unpackKey(session, sourceDeviceId), getIV());
Provide process function for key transport message
2015-07-31 21:28:09 +00:00
}
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
public XmppAxolotlPlaintextMessage decrypt(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
XmppAxolotlPlaintextMessage plaintextMessage = null;
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
byte[] key = unpackKey(session, sourceDeviceId);
if (key != null) {
try {
treat omemo keys >= 32 bytes as containing auth tag. add config flag to put auth tag in key
2017-01-09 20:47:07 +00:00
if (key.length >= 32) {
int authtaglength = key.length - 16;
Log.d(Config.LOGTAG,"found auth tag as part of omemo key");
byte[] newCipherText = new byte[key.length - 16 + ciphertext.length];
byte[] newKey = new byte[16];
System.arraycopy(ciphertext, 0, newCipherText, 0, ciphertext.length);
System.arraycopy(key, 16, newCipherText, ciphertext.length, authtaglength);
System.arraycopy(key,0,newKey,0,newKey.length);
ciphertext = newCipherText;
key = newKey;
}
use bouncycastle provider up to api 27 apparently using conscrypt on Android below version 7? throws an exception when using 16 byte IVs. so we now use BC when ever possible (excluding api 28) we don’t know why Conscrypt behaves differently on various android versions
2018-10-11 02:36:32 +00:00
Cipher cipher = Compatibility.twentyEight() ? Cipher.getInstance(CIPHERMODE) : Cipher.getInstance(CIPHERMODE, PROVIDER);
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
SecretKeySpec keySpec = new SecretKeySpec(key, KEYTYPE);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
String plaintext = new String(cipher.doFinal(ciphertext));
added omemo padding but disabled by Config.java flag
2016-12-20 15:12:12 +00:00
plaintextMessage = new XmppAxolotlPlaintextMessage(Config.OMEMO_PADDING ? plaintext.trim() : plaintext, session.getFingerprint());
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException
| InvalidAlgorithmParameterException | IllegalBlockSizeException
| BadPaddingException | NoSuchProviderException e) {
throw new CryptoFailedException(e);
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
return plaintextMessage;
}
CryptoNext persistance layer mockup Initial sketch of the peripheral storage infrastructure for the new axolotl-based encryption scheme.
2015-05-29 09:17:26 +00:00
}
Reference in a new issue Copy permalink