handle decrypting/encrypting of omemo messages with duplicate device ids
This commit is contained in:
parent
136d1e1905
commit
dac088428c
|
@ -9,6 +9,7 @@ import java.security.InvalidKeyException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.NoSuchProviderException;
|
import java.security.NoSuchProviderException;
|
||||||
import java.security.SecureRandom;
|
import java.security.SecureRandom;
|
||||||
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import javax.crypto.BadPaddingException;
|
import javax.crypto.BadPaddingException;
|
||||||
|
@ -42,7 +43,7 @@ public class XmppAxolotlMessage {
|
||||||
private byte[] ciphertext = null;
|
private byte[] ciphertext = null;
|
||||||
private byte[] authtagPlusInnerKey = null;
|
private byte[] authtagPlusInnerKey = null;
|
||||||
private byte[] iv = null;
|
private byte[] iv = null;
|
||||||
private final SparseArray<XmppAxolotlSession.AxolotlKey> keys;
|
private final List<XmppAxolotlSession.AxolotlKey> keys;
|
||||||
private final Jid from;
|
private final Jid from;
|
||||||
private final int sourceDeviceId;
|
private final int sourceDeviceId;
|
||||||
|
|
||||||
|
@ -110,7 +111,7 @@ public class XmppAxolotlMessage {
|
||||||
throw new IllegalArgumentException("invalid source id");
|
throw new IllegalArgumentException("invalid source id");
|
||||||
}
|
}
|
||||||
List<Element> keyElements = header.getChildren();
|
List<Element> keyElements = header.getChildren();
|
||||||
this.keys = new SparseArray<>();
|
this.keys = new ArrayList<>();
|
||||||
for (Element keyElement : keyElements) {
|
for (Element keyElement : keyElements) {
|
||||||
switch (keyElement.getName()) {
|
switch (keyElement.getName()) {
|
||||||
case KEYTAG:
|
case KEYTAG:
|
||||||
|
@ -118,7 +119,7 @@ public class XmppAxolotlMessage {
|
||||||
Integer recipientId = Integer.parseInt(keyElement.getAttribute(REMOTEID));
|
Integer recipientId = Integer.parseInt(keyElement.getAttribute(REMOTEID));
|
||||||
byte[] key = Base64.decode(keyElement.getContent().trim(), Base64.DEFAULT);
|
byte[] key = Base64.decode(keyElement.getContent().trim(), Base64.DEFAULT);
|
||||||
boolean isPreKey =keyElement.getAttributeAsBoolean("prekey");
|
boolean isPreKey =keyElement.getAttributeAsBoolean("prekey");
|
||||||
this.keys.put(recipientId, new XmppAxolotlSession.AxolotlKey(key,isPreKey));
|
this.keys.add(new XmppAxolotlSession.AxolotlKey(recipientId, key,isPreKey));
|
||||||
} catch (NumberFormatException e) {
|
} catch (NumberFormatException e) {
|
||||||
throw new IllegalArgumentException("invalid remote id");
|
throw new IllegalArgumentException("invalid remote id");
|
||||||
}
|
}
|
||||||
|
@ -143,7 +144,7 @@ public class XmppAxolotlMessage {
|
||||||
XmppAxolotlMessage(Jid from, int sourceDeviceId) {
|
XmppAxolotlMessage(Jid from, int sourceDeviceId) {
|
||||||
this.from = from;
|
this.from = from;
|
||||||
this.sourceDeviceId = sourceDeviceId;
|
this.sourceDeviceId = sourceDeviceId;
|
||||||
this.keys = new SparseArray<>();
|
this.keys = new ArrayList<>();
|
||||||
this.iv = generateIv();
|
this.iv = generateIv();
|
||||||
this.innerKey = generateKey();
|
this.innerKey = generateKey();
|
||||||
}
|
}
|
||||||
|
@ -232,7 +233,7 @@ public class XmppAxolotlMessage {
|
||||||
key = session.processSending(innerKey, ignoreSessionTrust);
|
key = session.processSending(innerKey, ignoreSessionTrust);
|
||||||
}
|
}
|
||||||
if (key != null) {
|
if (key != null) {
|
||||||
keys.put(session.getRemoteAddress().getDeviceId(), key);
|
keys.add(key);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -248,13 +249,13 @@ public class XmppAxolotlMessage {
|
||||||
Element encryptionElement = new Element(CONTAINERTAG, AxolotlService.PEP_PREFIX);
|
Element encryptionElement = new Element(CONTAINERTAG, AxolotlService.PEP_PREFIX);
|
||||||
Element headerElement = encryptionElement.addChild(HEADER);
|
Element headerElement = encryptionElement.addChild(HEADER);
|
||||||
headerElement.setAttribute(SOURCEID, sourceDeviceId);
|
headerElement.setAttribute(SOURCEID, sourceDeviceId);
|
||||||
for(int i = 0; i < keys.size(); ++i) {
|
for(XmppAxolotlSession.AxolotlKey key : keys) {
|
||||||
Element keyElement = new Element(KEYTAG);
|
Element keyElement = new Element(KEYTAG);
|
||||||
keyElement.setAttribute(REMOTEID, keys.keyAt(i));
|
keyElement.setAttribute(REMOTEID, key.deviceId);
|
||||||
if (keys.valueAt(i).prekey) {
|
if (key.prekey) {
|
||||||
keyElement.setAttribute("prekey","true");
|
keyElement.setAttribute("prekey","true");
|
||||||
}
|
}
|
||||||
keyElement.setContent(Base64.encodeToString(keys.valueAt(i).key, Base64.NO_WRAP));
|
keyElement.setContent(Base64.encodeToString(key.key, Base64.NO_WRAP));
|
||||||
headerElement.addChild(keyElement);
|
headerElement.addChild(keyElement);
|
||||||
}
|
}
|
||||||
headerElement.addChild(IVTAG).setContent(Base64.encodeToString(iv, Base64.NO_WRAP));
|
headerElement.addChild(IVTAG).setContent(Base64.encodeToString(iv, Base64.NO_WRAP));
|
||||||
|
@ -266,11 +267,16 @@ public class XmppAxolotlMessage {
|
||||||
}
|
}
|
||||||
|
|
||||||
private byte[] unpackKey(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {
|
private byte[] unpackKey(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {
|
||||||
XmppAxolotlSession.AxolotlKey encryptedKey = keys.get(sourceDeviceId);
|
ArrayList<XmppAxolotlSession.AxolotlKey> possibleKeys = new ArrayList<>();
|
||||||
if (encryptedKey == null) {
|
for(XmppAxolotlSession.AxolotlKey key : keys) {
|
||||||
|
if (key.deviceId == sourceDeviceId) {
|
||||||
|
possibleKeys.add(key);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (possibleKeys.size() == 0) {
|
||||||
throw new NotEncryptedForThisDeviceException();
|
throw new NotEncryptedForThisDeviceException();
|
||||||
}
|
}
|
||||||
return session.processReceiving(encryptedKey);
|
return session.processReceiving(possibleKeys);
|
||||||
}
|
}
|
||||||
|
|
||||||
XmppAxolotlKeyTransportMessage getParameters(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {
|
XmppAxolotlKeyTransportMessage getParameters(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {
|
||||||
|
|
|
@ -2,6 +2,7 @@ package eu.siacs.conversations.crypto.axolotl;
|
||||||
|
|
||||||
import android.support.annotation.NonNull;
|
import android.support.annotation.NonNull;
|
||||||
import android.support.annotation.Nullable;
|
import android.support.annotation.Nullable;
|
||||||
|
import android.util.Log;
|
||||||
|
|
||||||
import org.whispersystems.libsignal.SignalProtocolAddress;
|
import org.whispersystems.libsignal.SignalProtocolAddress;
|
||||||
import org.whispersystems.libsignal.DuplicateMessageException;
|
import org.whispersystems.libsignal.DuplicateMessageException;
|
||||||
|
@ -19,6 +20,10 @@ import org.whispersystems.libsignal.protocol.PreKeySignalMessage;
|
||||||
import org.whispersystems.libsignal.protocol.SignalMessage;
|
import org.whispersystems.libsignal.protocol.SignalMessage;
|
||||||
import org.whispersystems.libsignal.util.guava.Optional;
|
import org.whispersystems.libsignal.util.guava.Optional;
|
||||||
|
|
||||||
|
import java.util.Iterator;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
import eu.siacs.conversations.Config;
|
||||||
import eu.siacs.conversations.entities.Account;
|
import eu.siacs.conversations.entities.Account;
|
||||||
import eu.siacs.conversations.utils.CryptoHelper;
|
import eu.siacs.conversations.utils.CryptoHelper;
|
||||||
|
|
||||||
|
@ -79,20 +84,29 @@ public class XmppAxolotlSession implements Comparable<XmppAxolotlSession> {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Nullable
|
@Nullable
|
||||||
byte[] processReceiving(AxolotlKey encryptedKey) throws CryptoFailedException {
|
byte[] processReceiving(List<AxolotlKey> possibleKeys) throws CryptoFailedException {
|
||||||
byte[] plaintext;
|
byte[] plaintext = null;
|
||||||
FingerprintStatus status = getTrust();
|
FingerprintStatus status = getTrust();
|
||||||
if (!status.isCompromised()) {
|
if (!status.isCompromised()) {
|
||||||
|
Iterator<AxolotlKey> iterator = possibleKeys.iterator();
|
||||||
|
while (iterator.hasNext()) {
|
||||||
|
AxolotlKey encryptedKey = iterator.next();
|
||||||
try {
|
try {
|
||||||
if (encryptedKey.prekey) {
|
if (encryptedKey.prekey) {
|
||||||
PreKeySignalMessage preKeySignalMessage = new PreKeySignalMessage(encryptedKey.key);
|
PreKeySignalMessage preKeySignalMessage = new PreKeySignalMessage(encryptedKey.key);
|
||||||
Optional<Integer> optionalPreKeyId = preKeySignalMessage.getPreKeyId();
|
Optional<Integer> optionalPreKeyId = preKeySignalMessage.getPreKeyId();
|
||||||
IdentityKey identityKey = preKeySignalMessage.getIdentityKey();
|
IdentityKey identityKey = preKeySignalMessage.getIdentityKey();
|
||||||
if (!optionalPreKeyId.isPresent()) {
|
if (!optionalPreKeyId.isPresent()) {
|
||||||
|
if (iterator.hasNext()) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
throw new CryptoFailedException("PreKeyWhisperMessage did not contain a PreKeyId");
|
throw new CryptoFailedException("PreKeyWhisperMessage did not contain a PreKeyId");
|
||||||
}
|
}
|
||||||
preKeyId = optionalPreKeyId.get();
|
preKeyId = optionalPreKeyId.get();
|
||||||
if (this.identityKey != null && !this.identityKey.equals(identityKey)) {
|
if (this.identityKey != null && !this.identityKey.equals(identityKey)) {
|
||||||
|
if (iterator.hasNext()) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
throw new CryptoFailedException("Received PreKeyWhisperMessage but preexisting identity key changed.");
|
throw new CryptoFailedException("Received PreKeyWhisperMessage but preexisting identity key changed.");
|
||||||
}
|
}
|
||||||
this.identityKey = identityKey;
|
this.identityKey = identityKey;
|
||||||
|
@ -102,13 +116,25 @@ public class XmppAxolotlSession implements Comparable<XmppAxolotlSession> {
|
||||||
try {
|
try {
|
||||||
plaintext = cipher.decrypt(signalMessage);
|
plaintext = cipher.decrypt(signalMessage);
|
||||||
} catch (InvalidMessageException | NoSessionException e) {
|
} catch (InvalidMessageException | NoSessionException e) {
|
||||||
|
if (iterator.hasNext()) {
|
||||||
|
Log.w(Config.LOGTAG,account.getJid().asBareJid()+": ignoring crypto exception because possible keys left to try",e);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
throw new BrokenSessionException(this.remoteAddress, e);
|
throw new BrokenSessionException(this.remoteAddress, e);
|
||||||
}
|
}
|
||||||
preKeyId = null; //better safe than sorry because we use that to do special after prekey handling
|
preKeyId = null; //better safe than sorry because we use that to do special after prekey handling
|
||||||
}
|
}
|
||||||
} catch (InvalidVersionException | InvalidKeyException | LegacyMessageException | InvalidMessageException | DuplicateMessageException | InvalidKeyIdException | UntrustedIdentityException e) {
|
} catch (InvalidVersionException | InvalidKeyException | LegacyMessageException | InvalidMessageException | DuplicateMessageException | InvalidKeyIdException | UntrustedIdentityException e) {
|
||||||
|
if (iterator.hasNext()) {
|
||||||
|
Log.w(Config.LOGTAG,account.getJid().asBareJid()+": ignoring crypto exception because possible keys left to try",e);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
throw new CryptoFailedException("Error decrypting SignalMessage", e);
|
throw new CryptoFailedException("Error decrypting SignalMessage", e);
|
||||||
}
|
}
|
||||||
|
if (iterator.hasNext()) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
if (!status.isActive()) {
|
if (!status.isActive()) {
|
||||||
setTrust(status.toActive());
|
setTrust(status.toActive());
|
||||||
//TODO: also (re)add to device list?
|
//TODO: also (re)add to device list?
|
||||||
|
@ -125,7 +151,7 @@ public class XmppAxolotlSession implements Comparable<XmppAxolotlSession> {
|
||||||
if (ignoreSessionTrust || status.isTrustedAndActive()) {
|
if (ignoreSessionTrust || status.isTrustedAndActive()) {
|
||||||
try {
|
try {
|
||||||
CiphertextMessage ciphertextMessage = cipher.encrypt(outgoingMessage);
|
CiphertextMessage ciphertextMessage = cipher.encrypt(outgoingMessage);
|
||||||
return new AxolotlKey(ciphertextMessage.serialize(),ciphertextMessage.getType() == CiphertextMessage.PREKEY_TYPE);
|
return new AxolotlKey(getRemoteAddress().getDeviceId(), ciphertextMessage.serialize(),ciphertextMessage.getType() == CiphertextMessage.PREKEY_TYPE);
|
||||||
} catch (UntrustedIdentityException e) {
|
} catch (UntrustedIdentityException e) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -148,8 +174,10 @@ public class XmppAxolotlSession implements Comparable<XmppAxolotlSession> {
|
||||||
|
|
||||||
public final byte[] key;
|
public final byte[] key;
|
||||||
public final boolean prekey;
|
public final boolean prekey;
|
||||||
|
public final int deviceId;
|
||||||
|
|
||||||
public AxolotlKey(byte[] key, boolean prekey) {
|
public AxolotlKey(int deviceId, byte[] key, boolean prekey) {
|
||||||
|
this.deviceId = deviceId;
|
||||||
this.key = key;
|
this.key = key;
|
||||||
this.prekey = prekey;
|
this.prekey = prekey;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue