narayana/conversations-classic
3
2
Fork 0
Code Issues 3 Pull requests 2 Actions Packages Projects Releases 4 Wiki Activity
conversations-classic/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java

729 lines
29 KiB
Java
Raw Normal View History

CryptoNext persistance layer mockup Initial sketch of the peripheral storage infrastructure for the new axolotl-based encryption scheme.
2015-05-29 09:17:26 +00:00
package eu.siacs.conversations.crypto.axolotl;
Return empty set on invalid PEP devicelist
2015-07-05 20:53:34 +00:00
import android.support.annotation.NonNull;
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
import android.support.annotation.Nullable;
CryptoNext persistance layer mockup Initial sketch of the peripheral storage infrastructure for the new axolotl-based encryption scheme.
2015-05-29 09:17:26 +00:00
import android.util.Log;
Switch payload encryption to AES-GCM This also ensures that the IV is generated with proper randomness.
2015-07-20 23:15:32 +00:00
import org.bouncycastle.jce.provider.BouncyCastleProvider;
CryptoNext persistance layer mockup Initial sketch of the peripheral storage infrastructure for the new axolotl-based encryption scheme.
2015-05-29 09:17:26 +00:00
import org.whispersystems.libaxolotl.AxolotlAddress;
import org.whispersystems.libaxolotl.IdentityKey;
import org.whispersystems.libaxolotl.IdentityKeyPair;
import org.whispersystems.libaxolotl.InvalidKeyException;
import org.whispersystems.libaxolotl.InvalidKeyIdException;
Reworked axolotl protocol layer Numerous fixes
2015-06-25 14:56:34 +00:00
import org.whispersystems.libaxolotl.SessionBuilder;
import org.whispersystems.libaxolotl.UntrustedIdentityException;
import org.whispersystems.libaxolotl.ecc.ECPublicKey;
import org.whispersystems.libaxolotl.state.PreKeyBundle;
CryptoNext persistance layer mockup Initial sketch of the peripheral storage infrastructure for the new axolotl-based encryption scheme.
2015-05-29 09:17:26 +00:00
import org.whispersystems.libaxolotl.state.PreKeyRecord;
import org.whispersystems.libaxolotl.state.SignedPreKeyRecord;
import org.whispersystems.libaxolotl.util.KeyHelper;
Switch payload encryption to AES-GCM This also ensures that the IV is generated with proper randomness.
2015-07-20 23:15:32 +00:00
import java.security.Security;
Migrate to new PEP layout Merge prekeys into bundle node
2015-06-29 12:18:11 +00:00
import java.util.Arrays;
CryptoNext persistance layer mockup Initial sketch of the peripheral storage infrastructure for the new axolotl-based encryption scheme.
2015-05-29 09:17:26 +00:00
import java.util.HashMap;
Reworked axolotl protocol layer Numerous fixes
2015-06-25 14:56:34 +00:00
import java.util.HashSet;
CryptoNext persistance layer mockup Initial sketch of the peripheral storage infrastructure for the new axolotl-based encryption scheme.
2015-05-29 09:17:26 +00:00
import java.util.List;
import java.util.Map;
Reworked axolotl protocol layer Numerous fixes
2015-06-25 14:56:34 +00:00
import java.util.Random;
import java.util.Set;
CryptoNext persistance layer mockup Initial sketch of the peripheral storage infrastructure for the new axolotl-based encryption scheme.
2015-05-29 09:17:26 +00:00
import eu.siacs.conversations.Config;
import eu.siacs.conversations.entities.Account;
Reworked axolotl protocol layer Numerous fixes
2015-06-25 14:56:34 +00:00
import eu.siacs.conversations.entities.Contact;
CryptoNext persistance layer mockup Initial sketch of the peripheral storage infrastructure for the new axolotl-based encryption scheme.
2015-05-29 09:17:26 +00:00
import eu.siacs.conversations.entities.Conversation;
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
import eu.siacs.conversations.entities.Message;
Added PEP and message protocol layers Can now fetch/retrieve from PEP, as well as encode/decode messages
2015-06-25 14:58:24 +00:00
import eu.siacs.conversations.parser.IqParser;
CryptoNext persistance layer mockup Initial sketch of the peripheral storage infrastructure for the new axolotl-based encryption scheme.
2015-05-29 09:17:26 +00:00
import eu.siacs.conversations.services.XmppConnectionService;
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
import eu.siacs.conversations.utils.SerialSingleThreadExecutor;
Added PEP and message protocol layers Can now fetch/retrieve from PEP, as well as encode/decode messages
2015-06-25 14:58:24 +00:00
import eu.siacs.conversations.xml.Element;
import eu.siacs.conversations.xmpp.OnIqPacketReceived;
CryptoNext persistance layer mockup Initial sketch of the peripheral storage infrastructure for the new axolotl-based encryption scheme.
2015-05-29 09:17:26 +00:00
import eu.siacs.conversations.xmpp.jid.InvalidJidException;
import eu.siacs.conversations.xmpp.jid.Jid;
Added PEP and message protocol layers Can now fetch/retrieve from PEP, as well as encode/decode messages
2015-06-25 14:58:24 +00:00
import eu.siacs.conversations.xmpp.stanzas.IqPacket;
CryptoNext persistance layer mockup Initial sketch of the peripheral storage infrastructure for the new axolotl-based encryption scheme.
2015-05-29 09:17:26 +00:00
public class AxolotlService {
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
public static final String PEP_PREFIX = "eu.siacs.conversations.axolotl";
public static final String PEP_DEVICE_LIST = PEP_PREFIX + ".devicelist";
Migrate to new PEP layout Merge prekeys into bundle node
2015-06-29 12:18:11 +00:00
public static final String PEP_BUNDLES = PEP_PREFIX + ".bundles";
Clean up logging Add a fixed prefix to axolotl-related log messages, set log levels sensibly.
2015-07-08 15:44:24 +00:00
public static final String LOGPREFIX = "AxolotlService";
Increase number of published prekeys for release
2015-08-07 10:28:45 +00:00
public static final int NUM_KEYS_TO_PUBLISH = 100;
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
private final Account account;
private final XmppConnectionService mXmppConnectionService;
private final SQLiteAxolotlStore axolotlStore;
private final SessionMap sessions;
Migrate to new PEP layout Merge prekeys into bundle node
2015-06-29 12:18:11 +00:00
private final Map<Jid, Set<Integer>> deviceIds;
Refactor axolotl send processing/caching flow
2015-07-20 21:13:28 +00:00
private final Map<String, XmppAxolotlMessage> messageCache;
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
private final FetchStatusMap fetchStatusMap;
private final SerialSingleThreadExecutor executor;
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
private static class AxolotlAddressMap<T> {
Formatting fixes
2015-06-29 11:55:45 +00:00
protected Map<String, Map<Integer, T>> map;
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
protected final Object MAP_LOCK = new Object();
public AxolotlAddressMap() {
this.map = new HashMap<>();
}
public void put(AxolotlAddress address, T value) {
synchronized (MAP_LOCK) {
Map<Integer, T> devices = map.get(address.getName());
if (devices == null) {
devices = new HashMap<>();
map.put(address.getName(), devices);
}
devices.put(address.getDeviceId(), value);
}
}
public T get(AxolotlAddress address) {
synchronized (MAP_LOCK) {
Map<Integer, T> devices = map.get(address.getName());
Formatting fixes
2015-06-29 11:55:45 +00:00
if (devices == null) {
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
return null;
}
return devices.get(address.getDeviceId());
}
}
public Map<Integer, T> getAll(AxolotlAddress address) {
synchronized (MAP_LOCK) {
Map<Integer, T> devices = map.get(address.getName());
Formatting fixes
2015-06-29 11:55:45 +00:00
if (devices == null) {
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
return new HashMap<>();
}
return devices;
}
}
public boolean hasAny(AxolotlAddress address) {
synchronized (MAP_LOCK) {
Map<Integer, T> devices = map.get(address.getName());
return devices != null && !devices.isEmpty();
}
}
Fix and expand key regeneration function Wipe session cache to prevent stale sessions being used. Wipe fetch status cache to enable recreation of sessions. Regenerate deviceId, so that foreign devices will talk to us again.
2015-07-10 00:18:01 +00:00
public void clear() {
map.clear();
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
private static class SessionMap extends AxolotlAddressMap<XmppAxolotlSession> {
Ensure that available sessions are always used Any time a new session is established, call syncRosterToDisk() to ensure that on subsequent restoreFromDatabase() calls, the roster is actually available. This is important so that initAccountServices() can properly initialize the SessionMap. This prevents a race condition where after adding a new account and initiating sessions with it, if the app is killed (e.g. by reinstall) before triggering a syncRosterToDisk(), subsequent restores will not have the roster available, leading to missing XmppAxolotlSessions in the SessionMap cache. As a result of this, a new session was initiated when sending a new message, and received messages could not be tagged with the originating session's fingerprint. As an added sanity check, go to the database to confirm no records are present before creating fresh XmppAxolotlSession objects (both in the sending and receiving case).
2015-07-10 00:36:29 +00:00
private final XmppConnectionService xmppConnectionService;
private final Account account;
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
Ensure that available sessions are always used Any time a new session is established, call syncRosterToDisk() to ensure that on subsequent restoreFromDatabase() calls, the roster is actually available. This is important so that initAccountServices() can properly initialize the SessionMap. This prevents a race condition where after adding a new account and initiating sessions with it, if the app is killed (e.g. by reinstall) before triggering a syncRosterToDisk(), subsequent restores will not have the roster available, leading to missing XmppAxolotlSessions in the SessionMap cache. As a result of this, a new session was initiated when sending a new message, and received messages could not be tagged with the originating session's fingerprint. As an added sanity check, go to the database to confirm no records are present before creating fresh XmppAxolotlSession objects (both in the sending and receiving case).
2015-07-10 00:36:29 +00:00
public SessionMap(XmppConnectionService service, SQLiteAxolotlStore store, Account account) {
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
super();
Ensure that available sessions are always used Any time a new session is established, call syncRosterToDisk() to ensure that on subsequent restoreFromDatabase() calls, the roster is actually available. This is important so that initAccountServices() can properly initialize the SessionMap. This prevents a race condition where after adding a new account and initiating sessions with it, if the app is killed (e.g. by reinstall) before triggering a syncRosterToDisk(), subsequent restores will not have the roster available, leading to missing XmppAxolotlSessions in the SessionMap cache. As a result of this, a new session was initiated when sending a new message, and received messages could not be tagged with the originating session's fingerprint. As an added sanity check, go to the database to confirm no records are present before creating fresh XmppAxolotlSession objects (both in the sending and receiving case).
2015-07-10 00:36:29 +00:00
this.xmppConnectionService = service;
this.account = account;
this.fillMap(store);
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Fill own device sessions into SessionMap
2015-07-21 11:51:15 +00:00
private void putDevicesForJid(String bareJid, List<Integer> deviceIds, SQLiteAxolotlStore store) {
for (Integer deviceId : deviceIds) {
AxolotlAddress axolotlAddress = new AxolotlAddress(bareJid, deviceId);
Reformat code
2015-07-31 16:05:32 +00:00
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Building session for remote address: " + axolotlAddress.toString());
Fill own device sessions into SessionMap
2015-07-21 11:51:15 +00:00
String fingerprint = store.loadSession(axolotlAddress).getSessionState().getRemoteIdentityKey().getFingerprint().replaceAll("\\s", "");
this.put(axolotlAddress, new XmppAxolotlSession(account, store, axolotlAddress, fingerprint));
}
}
Ensure that available sessions are always used Any time a new session is established, call syncRosterToDisk() to ensure that on subsequent restoreFromDatabase() calls, the roster is actually available. This is important so that initAccountServices() can properly initialize the SessionMap. This prevents a race condition where after adding a new account and initiating sessions with it, if the app is killed (e.g. by reinstall) before triggering a syncRosterToDisk(), subsequent restores will not have the roster available, leading to missing XmppAxolotlSessions in the SessionMap cache. As a result of this, a new session was initiated when sending a new message, and received messages could not be tagged with the originating session's fingerprint. As an added sanity check, go to the database to confirm no records are present before creating fresh XmppAxolotlSession objects (both in the sending and receiving case).
2015-07-10 00:36:29 +00:00
private void fillMap(SQLiteAxolotlStore store) {
Fill own device sessions into SessionMap
2015-07-21 11:51:15 +00:00
List<Integer> deviceIds = store.getSubDeviceSessions(account.getJid().toBareJid().toString());
putDevicesForJid(account.getJid().toBareJid().toString(), deviceIds, store);
Formatting fixes
2015-06-29 11:55:45 +00:00
for (Contact contact : account.getRoster().getContacts()) {
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
Jid bareJid = contact.getJid().toBareJid();
Formatting fixes
2015-06-29 11:55:45 +00:00
if (bareJid == null) {
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
continue; // FIXME: handle this?
}
String address = bareJid.toString();
Fill own device sessions into SessionMap
2015-07-21 11:51:15 +00:00
deviceIds = store.getSubDeviceSessions(address);
putDevicesForJid(address, deviceIds, store);
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Fill own device sessions into SessionMap
2015-07-21 11:51:15 +00:00
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Ensure that available sessions are always used Any time a new session is established, call syncRosterToDisk() to ensure that on subsequent restoreFromDatabase() calls, the roster is actually available. This is important so that initAccountServices() can properly initialize the SessionMap. This prevents a race condition where after adding a new account and initiating sessions with it, if the app is killed (e.g. by reinstall) before triggering a syncRosterToDisk(), subsequent restores will not have the roster available, leading to missing XmppAxolotlSessions in the SessionMap cache. As a result of this, a new session was initiated when sending a new message, and received messages could not be tagged with the originating session's fingerprint. As an added sanity check, go to the database to confirm no records are present before creating fresh XmppAxolotlSession objects (both in the sending and receiving case).
2015-07-10 00:36:29 +00:00
@Override
public void put(AxolotlAddress address, XmppAxolotlSession value) {
super.put(address, value);
Provide process function for key transport message
2015-07-31 21:28:09 +00:00
value.setNotFresh();
Ensure that available sessions are always used Any time a new session is established, call syncRosterToDisk() to ensure that on subsequent restoreFromDatabase() calls, the roster is actually available. This is important so that initAccountServices() can properly initialize the SessionMap. This prevents a race condition where after adding a new account and initiating sessions with it, if the app is killed (e.g. by reinstall) before triggering a syncRosterToDisk(), subsequent restores will not have the roster available, leading to missing XmppAxolotlSessions in the SessionMap cache. As a result of this, a new session was initiated when sending a new message, and received messages could not be tagged with the originating session's fingerprint. As an added sanity check, go to the database to confirm no records are present before creating fresh XmppAxolotlSession objects (both in the sending and receiving case).
2015-07-10 00:36:29 +00:00
xmppConnectionService.syncRosterToDisk(account);
}
Provide process function for key transport message
2015-07-31 21:28:09 +00:00
public void put(XmppAxolotlSession session) {
this.put(session.getRemoteAddress(), session);
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
private static enum FetchStatus {
PENDING,
SUCCESS,
ERROR
}
private static class FetchStatusMap extends AxolotlAddressMap<FetchStatus> {
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Reformat code
2015-07-31 16:05:32 +00:00
Clean up logging Add a fixed prefix to axolotl-related log messages, set log levels sensibly.
2015-07-08 15:44:24 +00:00
public static String getLogprefix(Account account) {
Reformat code
2015-07-31 16:05:32 +00:00
return LOGPREFIX + " (" + account.getJid().toBareJid().toString() + "): ";
Clean up logging Add a fixed prefix to axolotl-related log messages, set log levels sensibly.
2015-07-08 15:44:24 +00:00
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
public AxolotlService(Account account, XmppConnectionService connectionService) {
Switch payload encryption to AES-GCM This also ensures that the IV is generated with proper randomness.
2015-07-20 23:15:32 +00:00
if (Security.getProvider("BC") == null) {
Security.addProvider(new BouncyCastleProvider());
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
this.mXmppConnectionService = connectionService;
this.account = account;
this.axolotlStore = new SQLiteAxolotlStore(this.account, this.mXmppConnectionService);
Migrate to new PEP layout Merge prekeys into bundle node
2015-06-29 12:18:11 +00:00
this.deviceIds = new HashMap<>();
Fix asynchronous axolotl message sending XmppConnectionService.sendMessage() now dispatches messages to the AxolotlService, where they only are prepared for sending and cached. AxolotlService now triggers a XmppConnectionService.resendMessage(), which then handles sending the cached message packet. This transparently fixes, e.g., handling of messages sent while we are offline.
2015-07-03 11:31:14 +00:00
this.messageCache = new HashMap<>();
Ensure that available sessions are always used Any time a new session is established, call syncRosterToDisk() to ensure that on subsequent restoreFromDatabase() calls, the roster is actually available. This is important so that initAccountServices() can properly initialize the SessionMap. This prevents a race condition where after adding a new account and initiating sessions with it, if the app is killed (e.g. by reinstall) before triggering a syncRosterToDisk(), subsequent restores will not have the roster available, leading to missing XmppAxolotlSessions in the SessionMap cache. As a result of this, a new session was initiated when sending a new message, and received messages could not be tagged with the originating session's fingerprint. As an added sanity check, go to the database to confirm no records are present before creating fresh XmppAxolotlSession objects (both in the sending and receiving case).
2015-07-10 00:36:29 +00:00
this.sessions = new SessionMap(mXmppConnectionService, axolotlStore, account);
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
this.fetchStatusMap = new FetchStatusMap();
this.executor = new SerialSingleThreadExecutor();
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Add basic PEP managemend UI to EditAccountActivity EditAccountActivity now show own fingerprint, and gives an option to regenerate local keying material (and wipe all sessions associated with the old keys in the process). It also now displays a list of other own devices, and gives an option to remove all but the current device.
2015-07-07 17:36:22 +00:00
public IdentityKey getOwnPublicKey() {
return axolotlStore.getIdentityKeyPair().getPublicKey();
}
Let UNTRUSTED/UNDECIDED keys become INACTIVE
2015-08-01 16:27:52 +00:00
public Set<IdentityKey> getKeysWithTrust(XmppAxolotlSession.Trust trust) {
Refactor out inner classes, cache trust store Moves SQLiteAxolotlStore and XmppAxolotlSession into proper classes. IdentityKeys trust statuses are now cached in an LruCache to prevent hammering the database when rendering the UI.
2015-07-28 20:00:54 +00:00
return axolotlStore.getContactKeysWithTrust(account.getJid().toBareJid().toString(), trust);
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
}
Let UNTRUSTED/UNDECIDED keys become INACTIVE
2015-08-01 16:27:52 +00:00
public Set<IdentityKey> getKeysWithTrust(XmppAxolotlSession.Trust trust, Contact contact) {
Refactor out inner classes, cache trust store Moves SQLiteAxolotlStore and XmppAxolotlSession into proper classes. IdentityKeys trust statuses are now cached in an LruCache to prevent hammering the database when rendering the UI.
2015-07-28 20:00:54 +00:00
return axolotlStore.getContactKeysWithTrust(contact.getJid().toBareJid().toString(), trust);
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
}
Lock TrustKeys if no trusted keys are available
2015-07-20 12:56:41 +00:00
public long getNumTrustedKeys(Contact contact) {
return axolotlStore.getContactNumTrustedKeys(contact.getJid().toBareJid().toString());
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
private AxolotlAddress getAddressForJid(Jid jid) {
return new AxolotlAddress(jid.toString(), 0);
}
private Set<XmppAxolotlSession> findOwnSessions() {
Use bareJid for own session retrieval
2015-06-29 12:19:17 +00:00
AxolotlAddress ownAddress = getAddressForJid(account.getJid().toBareJid());
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
Set<XmppAxolotlSession> ownDeviceSessions = new HashSet<>(this.sessions.getAll(ownAddress).values());
return ownDeviceSessions;
}
private Set<XmppAxolotlSession> findSessionsforContact(Contact contact) {
AxolotlAddress contactAddress = getAddressForJid(contact.getJid());
Set<XmppAxolotlSession> sessions = new HashSet<>(this.sessions.getAll(contactAddress).values());
return sessions;
}
private boolean hasAny(Contact contact) {
AxolotlAddress contactAddress = getAddressForJid(contact.getJid());
return sessions.hasAny(contactAddress);
}
Add basic PEP managemend UI to EditAccountActivity EditAccountActivity now show own fingerprint, and gives an option to regenerate local keying material (and wipe all sessions associated with the old keys in the process). It also now displays a list of other own devices, and gives an option to remove all but the current device.
2015-07-07 17:36:22 +00:00
public void regenerateKeys() {
axolotlStore.regenerate();
Fix and expand key regeneration function Wipe session cache to prevent stale sessions being used. Wipe fetch status cache to enable recreation of sessions. Regenerate deviceId, so that foreign devices will talk to us again.
2015-07-10 00:18:01 +00:00
sessions.clear();
fetchStatusMap.clear();
Add basic PEP managemend UI to EditAccountActivity EditAccountActivity now show own fingerprint, and gives an option to regenerate local keying material (and wipe all sessions associated with the old keys in the process). It also now displays a list of other own devices, and gives an option to remove all but the current device.
2015-07-07 17:36:22 +00:00
publishBundlesIfNeeded();
Fix and expand key regeneration function Wipe session cache to prevent stale sessions being used. Wipe fetch status cache to enable recreation of sessions. Regenerate deviceId, so that foreign devices will talk to us again.
2015-07-10 00:18:01 +00:00
publishOwnDeviceIdIfNeeded();
Add basic PEP managemend UI to EditAccountActivity EditAccountActivity now show own fingerprint, and gives an option to regenerate local keying material (and wipe all sessions associated with the old keys in the process). It also now displays a list of other own devices, and gives an option to remove all but the current device.
2015-07-07 17:36:22 +00:00
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
public int getOwnDeviceId() {
Refactor out inner classes, cache trust store Moves SQLiteAxolotlStore and XmppAxolotlSession into proper classes. IdentityKeys trust statuses are now cached in an LruCache to prevent hammering the database when rendering the UI.
2015-07-28 20:00:54 +00:00
return axolotlStore.getLocalRegistrationId();
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Add basic PEP managemend UI to EditAccountActivity EditAccountActivity now show own fingerprint, and gives an option to regenerate local keying material (and wipe all sessions associated with the old keys in the process). It also now displays a list of other own devices, and gives an option to remove all but the current device.
2015-07-07 17:36:22 +00:00
public Set<Integer> getOwnDeviceIds() {
return this.deviceIds.get(account.getJid().toBareJid());
}
Add INACTIVE state for removed keys We introduce a new trust state: INACTIVE. This state is intended for old keys that have been removed. When a TRUSTED device is removed from the PEP devicelist, it's status will be set to INACTIVE. INACTIVE keys are shown in the UI as greyed out, non-interactible key rows. Messages are not encrypted for INACTIVE devices. When an INACTIVE device reappears in PEP, or a message is received from an INACTIVE device, it is set back to trusted.
2015-07-21 12:18:16 +00:00
private void setTrustOnSessions(final Jid jid, @NonNull final Set<Integer> deviceIds,
Let UNTRUSTED/UNDECIDED keys become INACTIVE
2015-08-01 16:27:52 +00:00
final XmppAxolotlSession.Trust from,
final XmppAxolotlSession.Trust to) {
Reformat code
2015-07-31 16:05:32 +00:00
for (Integer deviceId : deviceIds) {
Add INACTIVE state for removed keys We introduce a new trust state: INACTIVE. This state is intended for old keys that have been removed. When a TRUSTED device is removed from the PEP devicelist, it's status will be set to INACTIVE. INACTIVE keys are shown in the UI as greyed out, non-interactible key rows. Messages are not encrypted for INACTIVE devices. When an INACTIVE device reappears in PEP, or a message is received from an INACTIVE device, it is set back to trusted.
2015-07-21 12:18:16 +00:00
AxolotlAddress address = new AxolotlAddress(jid.toBareJid().toString(), deviceId);
XmppAxolotlSession session = sessions.get(address);
if (session != null && session.getFingerprint() != null
&& session.getTrust() == from) {
session.setTrust(to);
}
}
}
Return empty set on invalid PEP devicelist
2015-07-05 20:53:34 +00:00
public void registerDevices(final Jid jid, @NonNull final Set<Integer> deviceIds) {
Reformat code
2015-07-31 16:05:32 +00:00
if (jid.toBareJid().equals(account.getJid().toBareJid())) {
Always build own device session automatically
2015-07-22 13:02:53 +00:00
if (deviceIds.contains(getOwnDeviceId())) {
deviceIds.remove(getOwnDeviceId());
}
Reformat code
2015-07-31 16:05:32 +00:00
for (Integer deviceId : deviceIds) {
AxolotlAddress ownDeviceAddress = new AxolotlAddress(jid.toBareJid().toString(), deviceId);
if (sessions.get(ownDeviceAddress) == null) {
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
buildSessionFromPEP(ownDeviceAddress);
Always build own device session automatically
2015-07-22 13:02:53 +00:00
}
}
Fix devicelist update handling No longer store own device ID (so that we don't encrypt messages for ourselves), verify that own device ID is present in update list (otherwise republish), reflect update in UI.
2015-07-07 17:32:52 +00:00
}
Add INACTIVE state for removed keys We introduce a new trust state: INACTIVE. This state is intended for old keys that have been removed. When a TRUSTED device is removed from the PEP devicelist, it's status will be set to INACTIVE. INACTIVE keys are shown in the UI as greyed out, non-interactible key rows. Messages are not encrypted for INACTIVE devices. When an INACTIVE device reappears in PEP, or a message is received from an INACTIVE device, it is set back to trusted.
2015-07-21 12:18:16 +00:00
Set<Integer> expiredDevices = new HashSet<>(axolotlStore.getSubDeviceSessions(jid.toBareJid().toString()));
expiredDevices.removeAll(deviceIds);
Let UNTRUSTED/UNDECIDED keys become INACTIVE
2015-08-01 16:27:52 +00:00
setTrustOnSessions(jid, expiredDevices, XmppAxolotlSession.Trust.TRUSTED,
XmppAxolotlSession.Trust.INACTIVE_TRUSTED);
setTrustOnSessions(jid, expiredDevices, XmppAxolotlSession.Trust.UNDECIDED,
XmppAxolotlSession.Trust.INACTIVE_UNDECIDED);
setTrustOnSessions(jid, expiredDevices, XmppAxolotlSession.Trust.UNTRUSTED,
XmppAxolotlSession.Trust.INACTIVE_UNTRUSTED);
Add INACTIVE state for removed keys We introduce a new trust state: INACTIVE. This state is intended for old keys that have been removed. When a TRUSTED device is removed from the PEP devicelist, it's status will be set to INACTIVE. INACTIVE keys are shown in the UI as greyed out, non-interactible key rows. Messages are not encrypted for INACTIVE devices. When an INACTIVE device reappears in PEP, or a message is received from an INACTIVE device, it is set back to trusted.
2015-07-21 12:18:16 +00:00
Set<Integer> newDevices = new HashSet<>(deviceIds);
Let UNTRUSTED/UNDECIDED keys become INACTIVE
2015-08-01 16:27:52 +00:00
setTrustOnSessions(jid, newDevices, XmppAxolotlSession.Trust.INACTIVE_TRUSTED,
XmppAxolotlSession.Trust.TRUSTED);
setTrustOnSessions(jid, newDevices, XmppAxolotlSession.Trust.INACTIVE_UNDECIDED,
XmppAxolotlSession.Trust.UNDECIDED);
setTrustOnSessions(jid, newDevices, XmppAxolotlSession.Trust.INACTIVE_UNTRUSTED,
XmppAxolotlSession.Trust.UNTRUSTED);
Migrate to new PEP layout Merge prekeys into bundle node
2015-06-29 12:18:11 +00:00
this.deviceIds.put(jid, deviceIds);
Add INACTIVE state for removed keys We introduce a new trust state: INACTIVE. This state is intended for old keys that have been removed. When a TRUSTED device is removed from the PEP devicelist, it's status will be set to INACTIVE. INACTIVE keys are shown in the UI as greyed out, non-interactible key rows. Messages are not encrypted for INACTIVE devices. When an INACTIVE device reappears in PEP, or a message is received from an INACTIVE device, it is set back to trusted.
2015-07-21 12:18:16 +00:00
mXmppConnectionService.keyStatusUpdated();
Fix devicelist update handling No longer store own device ID (so that we don't encrypt messages for ourselves), verify that own device ID is present in update list (otherwise republish), reflect update in UI.
2015-07-07 17:32:52 +00:00
publishOwnDeviceIdIfNeeded();
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Add basic PEP managemend UI to EditAccountActivity EditAccountActivity now show own fingerprint, and gives an option to regenerate local keying material (and wipe all sessions associated with the old keys in the process). It also now displays a list of other own devices, and gives an option to remove all but the current device.
2015-07-07 17:36:22 +00:00
public void wipeOtherPepDevices() {
Set<Integer> deviceIds = new HashSet<>();
deviceIds.add(getOwnDeviceId());
IqPacket publish = mXmppConnectionService.getIqGenerator().publishDeviceIds(deviceIds);
Reformat code
2015-07-31 16:05:32 +00:00
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Wiping all other devices from Pep:" + publish);
Add basic PEP managemend UI to EditAccountActivity EditAccountActivity now show own fingerprint, and gives an option to regenerate local keying material (and wipe all sessions associated with the old keys in the process). It also now displays a list of other own devices, and gives an option to remove all but the current device.
2015-07-07 17:36:22 +00:00
mXmppConnectionService.sendIqPacket(account, publish, new OnIqPacketReceived() {
@Override
public void onIqPacketReceived(Account account, IqPacket packet) {
// TODO: implement this!
}
});
}
Add purge axolotl key option Can now long-press a key to permanently purge it.
2015-07-20 20:18:24 +00:00
public void purgeKey(IdentityKey identityKey) {
Let UNTRUSTED/UNDECIDED keys become INACTIVE
2015-08-01 16:27:52 +00:00
axolotlStore.setFingerprintTrust(identityKey.getFingerprint().replaceAll("\\s", ""), XmppAxolotlSession.Trust.COMPROMISED);
Add purge axolotl key option Can now long-press a key to permanently purge it.
2015-07-20 20:18:24 +00:00
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
public void publishOwnDeviceIdIfNeeded() {
IqPacket packet = mXmppConnectionService.getIqGenerator().retrieveDeviceIds(account.getJid().toBareJid());
mXmppConnectionService.sendIqPacket(account, packet, new OnIqPacketReceived() {
@Override
public void onIqPacketReceived(Account account, IqPacket packet) {
Add error handling to OMEMO PEP code Log received errors and abort processing
2015-08-23 11:23:10 +00:00
if (packet.getType() == IqPacket.TYPE.RESULT) {
Element item = mXmppConnectionService.getIqParser().getItem(packet);
Set<Integer> deviceIds = mXmppConnectionService.getIqParser().deviceIds(item);
if (deviceIds == null) {
deviceIds = new HashSet<Integer>();
}
if (!deviceIds.contains(getOwnDeviceId())) {
deviceIds.add(getOwnDeviceId());
IqPacket publish = mXmppConnectionService.getIqGenerator().publishDeviceIds(deviceIds);
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Own device " + getOwnDeviceId() + " not in PEP devicelist. Publishing: " + publish);
mXmppConnectionService.sendIqPacket(account, publish, new OnIqPacketReceived() {
@Override
public void onIqPacketReceived(Account account, IqPacket packet) {
// TODO: implement this!
}
});
}
} else {
Log.d(Config.LOGTAG, getLogprefix(account) + "Error received while publishing device ID:" + packet.findChild("error"));
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
}
});
}
Migrate to new PEP layout Merge prekeys into bundle node
2015-06-29 12:18:11 +00:00
public void publishBundlesIfNeeded() {
Fix and expand key regeneration function Wipe session cache to prevent stale sessions being used. Wipe fetch status cache to enable recreation of sessions. Regenerate deviceId, so that foreign devices will talk to us again.
2015-07-10 00:18:01 +00:00
IqPacket packet = mXmppConnectionService.getIqGenerator().retrieveBundlesForDevice(account.getJid().toBareJid(), getOwnDeviceId());
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
mXmppConnectionService.sendIqPacket(account, packet, new OnIqPacketReceived() {
@Override
public void onIqPacketReceived(Account account, IqPacket packet) {
Add error handling to OMEMO PEP code Log received errors and abort processing
2015-08-23 11:23:10 +00:00
if (packet.getType() == IqPacket.TYPE.RESULT) {
PreKeyBundle bundle = mXmppConnectionService.getIqParser().bundle(packet);
Map<Integer, ECPublicKey> keys = mXmppConnectionService.getIqParser().preKeyPublics(packet);
boolean flush = false;
if (bundle == null) {
Log.w(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Received invalid bundle:" + packet);
bundle = new PreKeyBundle(-1, -1, -1, null, -1, null, null, null);
flush = true;
}
if (keys == null) {
Log.w(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Received invalid prekeys:" + packet);
Rework PEP content verification Now checks which part(s) are out of sync w/ local storage, and updates only those, rather than assuming the entire node corrupt and overwriting it all (especially relevant for preKey list)
2015-07-03 11:20:27 +00:00
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
try {
Add error handling to OMEMO PEP code Log received errors and abort processing
2015-08-23 11:23:10 +00:00
boolean changed = false;
// Validate IdentityKey
IdentityKeyPair identityKeyPair = axolotlStore.getIdentityKeyPair();
if (flush || !identityKeyPair.getPublicKey().equals(bundle.getIdentityKey())) {
Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Adding own IdentityKey " + identityKeyPair.getPublicKey() + " to PEP.");
changed = true;
}
// Validate signedPreKeyRecord + ID
SignedPreKeyRecord signedPreKeyRecord;
int numSignedPreKeys = axolotlStore.loadSignedPreKeys().size();
try {
signedPreKeyRecord = axolotlStore.loadSignedPreKey(bundle.getSignedPreKeyId());
if (flush
|| !bundle.getSignedPreKey().equals(signedPreKeyRecord.getKeyPair().getPublicKey())
|| !Arrays.equals(bundle.getSignedPreKeySignature(), signedPreKeyRecord.getSignature())) {
Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Adding new signedPreKey with ID " + (numSignedPreKeys + 1) + " to PEP.");
signedPreKeyRecord = KeyHelper.generateSignedPreKey(identityKeyPair, numSignedPreKeys + 1);
axolotlStore.storeSignedPreKey(signedPreKeyRecord.getId(), signedPreKeyRecord);
changed = true;
}
} catch (InvalidKeyIdException e) {
Reformat code
2015-07-31 16:05:32 +00:00
Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Adding new signedPreKey with ID " + (numSignedPreKeys + 1) + " to PEP.");
Rework PEP content verification Now checks which part(s) are out of sync w/ local storage, and updates only those, rather than assuming the entire node corrupt and overwriting it all (especially relevant for preKey list)
2015-07-03 11:20:27 +00:00
signedPreKeyRecord = KeyHelper.generateSignedPreKey(identityKeyPair, numSignedPreKeys + 1);
axolotlStore.storeSignedPreKey(signedPreKeyRecord.getId(), signedPreKeyRecord);
changed = true;
}
Migrate to new PEP layout Merge prekeys into bundle node
2015-06-29 12:18:11 +00:00
Add error handling to OMEMO PEP code Log received errors and abort processing
2015-08-23 11:23:10 +00:00
// Validate PreKeys
Set<PreKeyRecord> preKeyRecords = new HashSet<>();
if (keys != null) {
for (Integer id : keys.keySet()) {
try {
PreKeyRecord preKeyRecord = axolotlStore.loadPreKey(id);
if (preKeyRecord.getKeyPair().getPublicKey().equals(keys.get(id))) {
preKeyRecords.add(preKeyRecord);
}
} catch (InvalidKeyIdException ignored) {
Rework PEP content verification Now checks which part(s) are out of sync w/ local storage, and updates only those, rather than assuming the entire node corrupt and overwriting it all (especially relevant for preKey list)
2015-07-03 11:20:27 +00:00
}
}
}
Add error handling to OMEMO PEP code Log received errors and abort processing
2015-08-23 11:23:10 +00:00
int newKeys = NUM_KEYS_TO_PUBLISH - preKeyRecords.size();
if (newKeys > 0) {
List<PreKeyRecord> newRecords = KeyHelper.generatePreKeys(
axolotlStore.getCurrentPreKeyId() + 1, newKeys);
preKeyRecords.addAll(newRecords);
for (PreKeyRecord record : newRecords) {
axolotlStore.storePreKey(record.getId(), record);
}
changed = true;
Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Adding " + newKeys + " new preKeys to PEP.");
Migrate to new PEP layout Merge prekeys into bundle node
2015-06-29 12:18:11 +00:00
}
Rework PEP content verification Now checks which part(s) are out of sync w/ local storage, and updates only those, rather than assuming the entire node corrupt and overwriting it all (especially relevant for preKey list)
2015-07-03 11:20:27 +00:00
Add error handling to OMEMO PEP code Log received errors and abort processing
2015-08-23 11:23:10 +00:00
if (changed) {
IqPacket publish = mXmppConnectionService.getIqGenerator().publishBundles(
signedPreKeyRecord, axolotlStore.getIdentityKeyPair().getPublicKey(),
preKeyRecords, getOwnDeviceId());
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + ": Bundle " + getOwnDeviceId() + " in PEP not current. Publishing: " + publish);
mXmppConnectionService.sendIqPacket(account, publish, new OnIqPacketReceived() {
@Override
public void onIqPacketReceived(Account account, IqPacket packet) {
// TODO: implement this!
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Published bundle, got: " + packet);
}
});
}
} catch (InvalidKeyException e) {
Log.e(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Failed to publish bundle " + getOwnDeviceId() + ", reason: " + e.getMessage());
return;
Rework PEP content verification Now checks which part(s) are out of sync w/ local storage, and updates only those, rather than assuming the entire node corrupt and overwriting it all (especially relevant for preKey list)
2015-07-03 11:20:27 +00:00
}
Add error handling to OMEMO PEP code Log received errors and abort processing
2015-08-23 11:23:10 +00:00
} else {
Log.d(Config.LOGTAG, getLogprefix(account) + "Error received while publishing Bundle:" + packet.findChild("error"));
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
}
});
}
Migrate to new PEP layout Merge prekeys into bundle node
2015-06-29 12:18:11 +00:00
public boolean isContactAxolotlCapable(Contact contact) {
Overhauled Message tagging Messages are now tagged with the IdentityKey fingerprint of the originating session. IdentityKeys have one of three trust states: undecided (default), trusted, and untrusted/not yet trusted.
2015-07-09 12:23:17 +00:00
Migrate to new PEP layout Merge prekeys into bundle node
2015-06-29 12:18:11 +00:00
Jid jid = contact.getJid().toBareJid();
AxolotlAddress address = new AxolotlAddress(jid.toString(), 0);
return sessions.hasAny(address) ||
Reformat code
2015-07-31 16:05:32 +00:00
(deviceIds.containsKey(jid) && !deviceIds.get(jid).isEmpty());
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Reformat code
2015-07-31 16:05:32 +00:00
Let UNTRUSTED/UNDECIDED keys become INACTIVE
2015-08-01 16:27:52 +00:00
public XmppAxolotlSession.Trust getFingerprintTrust(String fingerprint) {
Fix trust status for outgoing messages Tag sent messages with own fingerprint, set own fingerprint as always trusted, include own fingerprint in database trust search, explicitly reset trust colorfilter
2015-07-15 14:32:42 +00:00
return axolotlStore.getFingerprintTrust(fingerprint);
Overhauled Message tagging Messages are now tagged with the IdentityKey fingerprint of the originating session. IdentityKeys have one of three trust states: undecided (default), trusted, and untrusted/not yet trusted.
2015-07-09 12:23:17 +00:00
}
Let UNTRUSTED/UNDECIDED keys become INACTIVE
2015-08-01 16:27:52 +00:00
public void setFingerprintTrust(String fingerprint, XmppAxolotlSession.Trust trust) {
Fix trust status for outgoing messages Tag sent messages with own fingerprint, set own fingerprint as always trusted, include own fingerprint in database trust search, explicitly reset trust colorfilter
2015-07-15 14:32:42 +00:00
axolotlStore.setFingerprintTrust(fingerprint, trust);
Overhauled Message tagging Messages are now tagged with the IdentityKey fingerprint of the originating session. IdentityKeys have one of three trust states: undecided (default), trusted, and untrusted/not yet trusted.
2015-07-09 12:23:17 +00:00
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
private void buildSessionFromPEP(final AxolotlAddress address) {
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Building new sesstion for " + address.getDeviceId());
Migrate to new PEP layout Merge prekeys into bundle node
2015-06-29 12:18:11 +00:00
try {
IqPacket bundlesPacket = mXmppConnectionService.getIqGenerator().retrieveBundlesForDevice(
Jid.fromString(address.getName()), address.getDeviceId());
Reformat code
2015-07-31 16:05:32 +00:00
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Retrieving bundle: " + bundlesPacket);
Migrate to new PEP layout Merge prekeys into bundle node
2015-06-29 12:18:11 +00:00
mXmppConnectionService.sendIqPacket(account, bundlesPacket, new OnIqPacketReceived() {
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
private void finish() {
Reformat code
2015-07-31 16:05:32 +00:00
AxolotlAddress ownAddress = new AxolotlAddress(account.getJid().toBareJid().toString(), 0);
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
if (!fetchStatusMap.getAll(ownAddress).containsValue(FetchStatus.PENDING)
Always build own device session automatically
2015-07-22 13:02:53 +00:00
&& !fetchStatusMap.getAll(address).containsValue(FetchStatus.PENDING)) {
Add INACTIVE state for removed keys We introduce a new trust state: INACTIVE. This state is intended for old keys that have been removed. When a TRUSTED device is removed from the PEP devicelist, it's status will be set to INACTIVE. INACTIVE keys are shown in the UI as greyed out, non-interactible key rows. Messages are not encrypted for INACTIVE devices. When an INACTIVE device reappears in PEP, or a message is received from an INACTIVE device, it is set back to trusted.
2015-07-21 12:18:16 +00:00
mXmppConnectionService.keyStatusUpdated();
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
}
}
Migrate to new PEP layout Merge prekeys into bundle node
2015-06-29 12:18:11 +00:00
@Override
public void onIqPacketReceived(Account account, IqPacket packet) {
Add error handling to OMEMO PEP code Log received errors and abort processing
2015-08-23 11:23:10 +00:00
if (packet.getType() == IqPacket.TYPE.RESULT) {
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Received preKey IQ packet, processing...");
final IqParser parser = mXmppConnectionService.getIqParser();
final List<PreKeyBundle> preKeyBundleList = parser.preKeys(packet);
final PreKeyBundle bundle = parser.bundle(packet);
if (preKeyBundleList.isEmpty() || bundle == null) {
Log.e(Config.LOGTAG, AxolotlService.getLogprefix(account) + "preKey IQ packet invalid: " + packet);
fetchStatusMap.put(address, FetchStatus.ERROR);
finish();
return;
}
Random random = new Random();
final PreKeyBundle preKey = preKeyBundleList.get(random.nextInt(preKeyBundleList.size()));
if (preKey == null) {
//should never happen
fetchStatusMap.put(address, FetchStatus.ERROR);
finish();
return;
}
final PreKeyBundle preKeyBundle = new PreKeyBundle(0, address.getDeviceId(),
preKey.getPreKeyId(), preKey.getPreKey(),
bundle.getSignedPreKeyId(), bundle.getSignedPreKey(),
bundle.getSignedPreKeySignature(), bundle.getIdentityKey());
axolotlStore.saveIdentity(address.getName(), bundle.getIdentityKey());
try {
SessionBuilder builder = new SessionBuilder(axolotlStore, address);
builder.process(preKeyBundle);
XmppAxolotlSession session = new XmppAxolotlSession(account, axolotlStore, address, bundle.getIdentityKey().getFingerprint().replaceAll("\\s", ""));
sessions.put(address, session);
fetchStatusMap.put(address, FetchStatus.SUCCESS);
} catch (UntrustedIdentityException | InvalidKeyException e) {
Log.e(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Error building session for " + address + ": "
+ e.getClass().getName() + ", " + e.getMessage());
fetchStatusMap.put(address, FetchStatus.ERROR);
}
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
finish();
Add error handling to OMEMO PEP code Log received errors and abort processing
2015-08-23 11:23:10 +00:00
} else {
Migrate to new PEP layout Merge prekeys into bundle node
2015-06-29 12:18:11 +00:00
fetchStatusMap.put(address, FetchStatus.ERROR);
Add error handling to OMEMO PEP code Log received errors and abort processing
2015-08-23 11:23:10 +00:00
Log.d(Config.LOGTAG, getLogprefix(account) + "Error received while building session:" + packet.findChild("error"));
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
finish();
Migrate to new PEP layout Merge prekeys into bundle node
2015-06-29 12:18:11 +00:00
return;
}
}
});
} catch (InvalidJidException e) {
Reformat code
2015-07-31 16:05:32 +00:00
Log.e(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Got address with invalid jid: " + address.getName());
Migrate to new PEP layout Merge prekeys into bundle node
2015-06-29 12:18:11 +00:00
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
public Set<AxolotlAddress> findDevicesWithoutSession(final Conversation conversation) {
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Finding devices without session for " + conversation.getContact().getJid().toBareJid());
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
Jid contactJid = conversation.getContact().getJid().toBareJid();
Set<AxolotlAddress> addresses = new HashSet<>();
Reformat code
2015-07-31 16:05:32 +00:00
if (deviceIds.get(contactJid) != null) {
for (Integer foreignId : this.deviceIds.get(contactJid)) {
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
AxolotlAddress address = new AxolotlAddress(contactJid.toString(), foreignId);
Reformat code
2015-07-31 16:05:32 +00:00
if (sessions.get(address) == null) {
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
IdentityKey identityKey = axolotlStore.loadSession(address).getSessionState().getRemoteIdentityKey();
Reformat code
2015-07-31 16:05:32 +00:00
if (identityKey != null) {
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Already have session for " + address.toString() + ", adding to cache...");
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
XmppAxolotlSession session = new XmppAxolotlSession(account, axolotlStore, address, identityKey.getFingerprint().replaceAll("\\s", ""));
sessions.put(address, session);
} else {
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Found device " + account.getJid().toBareJid() + ":" + foreignId);
addresses.add(new AxolotlAddress(contactJid.toString(), foreignId));
}
}
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
}
} else {
Overhauled Message tagging Messages are now tagged with the IdentityKey fingerprint of the originating session. IdentityKeys have one of three trust states: undecided (default), trusted, and untrusted/not yet trusted.
2015-07-09 12:23:17 +00:00
Log.w(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Have no target devices in PEP!");
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
}
Reformat code
2015-07-31 16:05:32 +00:00
if (deviceIds.get(account.getJid().toBareJid()) != null) {
for (Integer ownId : this.deviceIds.get(account.getJid().toBareJid())) {
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
AxolotlAddress address = new AxolotlAddress(account.getJid().toBareJid().toString(), ownId);
Reformat code
2015-07-31 16:05:32 +00:00
if (sessions.get(address) == null) {
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
IdentityKey identityKey = axolotlStore.loadSession(address).getSessionState().getRemoteIdentityKey();
Reformat code
2015-07-31 16:05:32 +00:00
if (identityKey != null) {
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Already have session for " + address.toString() + ", adding to cache...");
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
XmppAxolotlSession session = new XmppAxolotlSession(account, axolotlStore, address, identityKey.getFingerprint().replaceAll("\\s", ""));
sessions.put(address, session);
} else {
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Found device " + account.getJid().toBareJid() + ":" + ownId);
addresses.add(new AxolotlAddress(account.getJid().toBareJid().toString(), ownId));
}
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
}
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
return addresses;
}
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
public boolean createSessionsIfNeeded(final Conversation conversation) {
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Creating axolotl sessions if needed...");
boolean newSessions = false;
Set<AxolotlAddress> addresses = findDevicesWithoutSession(conversation);
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
for (AxolotlAddress address : addresses) {
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Processing device: " + address.toString());
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
FetchStatus status = fetchStatusMap.get(address);
Reformat code
2015-07-31 16:05:32 +00:00
if (status == null || status == FetchStatus.ERROR) {
fetchStatusMap.put(address, FetchStatus.PENDING);
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
this.buildSessionFromPEP(address);
newSessions = true;
} else if (status == FetchStatus.PENDING) {
Reformat code
2015-07-31 16:05:32 +00:00
newSessions = true;
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
} else {
Reformat code
2015-07-31 16:05:32 +00:00
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Already fetching bundle for " + address.toString());
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
return newSessions;
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
public boolean hasPendingKeyFetches(Conversation conversation) {
Reformat code
2015-07-31 16:05:32 +00:00
AxolotlAddress ownAddress = new AxolotlAddress(account.getJid().toBareJid().toString(), 0);
AxolotlAddress foreignAddress = new AxolotlAddress(conversation.getJid().toBareJid().toString(), 0);
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
return fetchStatusMap.getAll(ownAddress).containsValue(FetchStatus.PENDING)
Reformat code
2015-07-31 16:05:32 +00:00
|| fetchStatusMap.getAll(foreignAddress).containsValue(FetchStatus.PENDING);
Ask for key trust when sending messages If the contact (or the own account) has keys that have UNDECIDED trust, we now drop the user into the new TrustKeysActivity, where they have to decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 16:36:28 +00:00
}
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
@Nullable
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
private XmppAxolotlMessage buildHeader(Contact contact) {
final XmppAxolotlMessage axolotlMessage = new XmppAxolotlMessage(
contact.getJid().toBareJid(), getOwnDeviceId());
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
Set<XmppAxolotlSession> contactSessions = findSessionsforContact(contact);
Set<XmppAxolotlSession> ownSessions = findOwnSessions();
if (contactSessions.isEmpty()) {
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
return null;
}
Reformat code
2015-07-31 16:05:32 +00:00
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Building axolotl foreign keyElements...");
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
for (XmppAxolotlSession session : contactSessions) {
Reformat code
2015-07-31 16:05:32 +00:00
Log.v(Config.LOGTAG, AxolotlService.getLogprefix(account) + session.getRemoteAddress().toString());
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
axolotlMessage.addDevice(session);
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Reformat code
2015-07-31 16:05:32 +00:00
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Building axolotl own keyElements...");
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
for (XmppAxolotlSession session : ownSessions) {
Reformat code
2015-07-31 16:05:32 +00:00
Log.v(Config.LOGTAG, AxolotlService.getLogprefix(account) + session.getRemoteAddress().toString());
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
axolotlMessage.addDevice(session);
}
return axolotlMessage;
}
@Nullable
public XmppAxolotlMessage encrypt(Message message) {
XmppAxolotlMessage axolotlMessage = buildHeader(message.getContact());
if (axolotlMessage != null) {
final String content;
if (message.hasFileOnRemoteHost()) {
content = message.getFileParams().url.toString();
} else {
content = message.getBody();
}
try {
axolotlMessage.encrypt(content);
} catch (CryptoFailedException e) {
Log.w(Config.LOGTAG, getLogprefix(account) + "Failed to encrypt message: " + e.getMessage());
return null;
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
return axolotlMessage;
}
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
public void preparePayloadMessage(final Message message, final boolean delay) {
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
executor.execute(new Runnable() {
@Override
public void run() {
Refactor axolotl send processing/caching flow
2015-07-20 21:13:28 +00:00
XmppAxolotlMessage axolotlMessage = encrypt(message);
if (axolotlMessage == null) {
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
mXmppConnectionService.markMessage(message, Message.STATUS_SEND_FAILED);
Fix asynchronous axolotl message sending XmppConnectionService.sendMessage() now dispatches messages to the AxolotlService, where they only are prepared for sending and cached. AxolotlService now triggers a XmppConnectionService.resendMessage(), which then handles sending the cached message packet. This transparently fixes, e.g., handling of messages sent while we are offline.
2015-07-03 11:31:14 +00:00
//mXmppConnectionService.updateConversationUi();
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
} else {
Reformat code
2015-07-31 16:05:32 +00:00
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Generated message, caching: " + message.getUuid());
Refactor axolotl send processing/caching flow
2015-07-20 21:13:28 +00:00
messageCache.put(message.getUuid(), axolotlMessage);
Reformat code
2015-07-31 16:05:32 +00:00
mXmppConnectionService.resendMessage(message, delay);
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
}
}
});
}
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
public void prepareKeyTransportMessage(final Contact contact, final OnMessageCreatedCallback onMessageCreatedCallback) {
executor.execute(new Runnable() {
@Override
public void run() {
XmppAxolotlMessage axolotlMessage = buildHeader(contact);
onMessageCreatedCallback.run(axolotlMessage);
Fix asynchronous axolotl message sending XmppConnectionService.sendMessage() now dispatches messages to the AxolotlService, where they only are prepared for sending and cached. AxolotlService now triggers a XmppConnectionService.resendMessage(), which then handles sending the cached message packet. This transparently fixes, e.g., handling of messages sent while we are offline.
2015-07-03 11:31:14 +00:00
}
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
});
Fix asynchronous axolotl message sending XmppConnectionService.sendMessage() now dispatches messages to the AxolotlService, where they only are prepared for sending and cached. AxolotlService now triggers a XmppConnectionService.resendMessage(), which then handles sending the cached message packet. This transparently fixes, e.g., handling of messages sent while we are offline.
2015-07-03 11:31:14 +00:00
}
Refactor axolotl send processing/caching flow
2015-07-20 21:13:28 +00:00
public XmppAxolotlMessage fetchAxolotlMessageFromCache(Message message) {
XmppAxolotlMessage axolotlMessage = messageCache.get(message.getUuid());
if (axolotlMessage != null) {
Reformat code
2015-07-31 16:05:32 +00:00
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Cache hit: " + message.getUuid());
Fix asynchronous axolotl message sending XmppConnectionService.sendMessage() now dispatches messages to the AxolotlService, where they only are prepared for sending and cached. AxolotlService now triggers a XmppConnectionService.resendMessage(), which then handles sending the cached message packet. This transparently fixes, e.g., handling of messages sent while we are offline.
2015-07-03 11:31:14 +00:00
messageCache.remove(message.getUuid());
} else {
Reformat code
2015-07-31 16:05:32 +00:00
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Cache miss: " + message.getUuid());
Fetch bundles on-demand, encrypt in background Bundles are now fetched on demand when a session needs to be established. This should lessen the chance of changes to the bundles occuring before they're used, as well as lessen the load of fetching bundles. Also, the message encryption is now done in a background thread, as this can be somewhat costly if many sessions are present. This is probably not going to be an issue in real use, but it's good practice anyway.
2015-06-29 12:22:26 +00:00
}
Refactor axolotl send processing/caching flow
2015-07-20 21:13:28 +00:00
return axolotlMessage;
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Provide process function for key transport message
2015-07-31 21:28:09 +00:00
private XmppAxolotlSession recreateUncachedSession(AxolotlAddress address) {
IdentityKey identityKey = axolotlStore.loadSession(address).getSessionState().getRemoteIdentityKey();
return (identityKey != null)
? new XmppAxolotlSession(account, axolotlStore, address,
identityKey.getFingerprint().replaceAll("\\s", ""))
: null;
}
private XmppAxolotlSession getReceivingSession(XmppAxolotlMessage message) {
Properly track message sender Previously, the sender was assumed to be the conversation counterpart. This broke carboned own-device messages. We now track the sender properly, and also set the status (sent by one of the own devices vs received from the counterpart) accordingly.
2015-07-03 11:27:35 +00:00
AxolotlAddress senderAddress = new AxolotlAddress(message.getFrom().toString(),
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
message.getSenderDeviceId());
XmppAxolotlSession session = sessions.get(senderAddress);
if (session == null) {
Reformat code
2015-07-31 16:05:32 +00:00
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Account: " + account.getJid() + " No axolotl session found while parsing received message " + message);
Provide process function for key transport message
2015-07-31 21:28:09 +00:00
session = recreateUncachedSession(senderAddress);
if (session == null) {
Ensure that available sessions are always used Any time a new session is established, call syncRosterToDisk() to ensure that on subsequent restoreFromDatabase() calls, the roster is actually available. This is important so that initAccountServices() can properly initialize the SessionMap. This prevents a race condition where after adding a new account and initiating sessions with it, if the app is killed (e.g. by reinstall) before triggering a syncRosterToDisk(), subsequent restores will not have the roster available, leading to missing XmppAxolotlSessions in the SessionMap cache. As a result of this, a new session was initiated when sending a new message, and received messages could not be tagged with the originating session's fingerprint. As an added sanity check, go to the database to confirm no records are present before creating fresh XmppAxolotlSession objects (both in the sending and receiving case).
2015-07-10 00:36:29 +00:00
session = new XmppAxolotlSession(account, axolotlStore, senderAddress);
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Provide process function for key transport message
2015-07-31 21:28:09 +00:00
return session;
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
Provide process function for key transport message
2015-07-31 21:28:09 +00:00
public XmppAxolotlMessage.XmppAxolotlPlaintextMessage processReceivingPayloadMessage(XmppAxolotlMessage message) {
XmppAxolotlMessage.XmppAxolotlPlaintextMessage plaintextMessage = null;
XmppAxolotlSession session = getReceivingSession(message);
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
try {
plaintextMessage = message.decrypt(session, getOwnDeviceId());
Integer preKeyId = session.getPreKeyId();
if (preKeyId != null) {
publishBundlesIfNeeded();
session.resetPreKeyId();
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Refactor axolotl message processing workflow XmppAxolotlMessage is now entirely responsible for handling encryption and decryption of messages, only leveraging XmppAxolotlSession as a packing/unpacking primitive for payload keys. Removed pseudo-dead session generation code step from prepareMessage function, as sessions have been created by invoking the TrustKeysActivity for a while now. Added prepareKeyTransportMessage function, which creates a message with no payload. The key that is packed into the header keyElements can then be used for other purposes (e.g. encrypted file transfer).
2015-07-31 19:12:34 +00:00
} catch (CryptoFailedException e) {
Log.w(Config.LOGTAG, getLogprefix(account) + "Failed to decrypt message: " + e.getMessage());
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
}
Provide process function for key transport message
2015-07-31 21:28:09 +00:00
if (session.isFresh() && plaintextMessage != null) {
sessions.put(session);
Only cache session if successfully established When receiving a message, only remember the XmppAxolotlSession wrapper if the prospective session was actually established. This prevents us from erroneously adding empty sessions that are never established using received PreKeyWhisperMessages, which would lead to errors if we try to use them for sending.
2015-07-05 20:54:28 +00:00
}
Reformat code to use tabs This really sucks to do it like this. Sorry. :(
2015-06-26 13:41:02 +00:00
return plaintextMessage;
}
Provide process function for key transport message
2015-07-31 21:28:09 +00:00
public XmppAxolotlMessage.XmppAxolotlKeyTransportMessage processReceivingKeyTransportMessage(XmppAxolotlMessage message) {
XmppAxolotlMessage.XmppAxolotlKeyTransportMessage keyTransportMessage = null;
XmppAxolotlSession session = getReceivingSession(message);
keyTransportMessage = message.getParameters(session, getOwnDeviceId());
if (session.isFresh() && keyTransportMessage != null) {
sessions.put(session);
}
return keyTransportMessage;
}
CryptoNext persistance layer mockup Initial sketch of the peripheral storage infrastructure for the new axolotl-based encryption scheme.
2015-05-29 09:17:26 +00:00
}
Reference in a new issue Copy permalink