handle decrypting/encrypting of omemo messages with duplicate device ids

This commit is contained in:
Daniel Gultsch 2019-01-05 15:34:19 +01:00
parent 136d1e1905
commit dac088428c
2 changed files with 75 additions and 41 deletions

View File

@ -9,6 +9,7 @@ import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException; import java.security.NoSuchProviderException;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List; import java.util.List;
import javax.crypto.BadPaddingException; import javax.crypto.BadPaddingException;
@ -42,7 +43,7 @@ public class XmppAxolotlMessage {
private byte[] ciphertext = null; private byte[] ciphertext = null;
private byte[] authtagPlusInnerKey = null; private byte[] authtagPlusInnerKey = null;
private byte[] iv = null; private byte[] iv = null;
private final SparseArray<XmppAxolotlSession.AxolotlKey> keys; private final List<XmppAxolotlSession.AxolotlKey> keys;
private final Jid from; private final Jid from;
private final int sourceDeviceId; private final int sourceDeviceId;
@ -110,7 +111,7 @@ public class XmppAxolotlMessage {
throw new IllegalArgumentException("invalid source id"); throw new IllegalArgumentException("invalid source id");
} }
List<Element> keyElements = header.getChildren(); List<Element> keyElements = header.getChildren();
this.keys = new SparseArray<>(); this.keys = new ArrayList<>();
for (Element keyElement : keyElements) { for (Element keyElement : keyElements) {
switch (keyElement.getName()) { switch (keyElement.getName()) {
case KEYTAG: case KEYTAG:
@ -118,7 +119,7 @@ public class XmppAxolotlMessage {
Integer recipientId = Integer.parseInt(keyElement.getAttribute(REMOTEID)); Integer recipientId = Integer.parseInt(keyElement.getAttribute(REMOTEID));
byte[] key = Base64.decode(keyElement.getContent().trim(), Base64.DEFAULT); byte[] key = Base64.decode(keyElement.getContent().trim(), Base64.DEFAULT);
boolean isPreKey =keyElement.getAttributeAsBoolean("prekey"); boolean isPreKey =keyElement.getAttributeAsBoolean("prekey");
this.keys.put(recipientId, new XmppAxolotlSession.AxolotlKey(key,isPreKey)); this.keys.add(new XmppAxolotlSession.AxolotlKey(recipientId, key,isPreKey));
} catch (NumberFormatException e) { } catch (NumberFormatException e) {
throw new IllegalArgumentException("invalid remote id"); throw new IllegalArgumentException("invalid remote id");
} }
@ -143,7 +144,7 @@ public class XmppAxolotlMessage {
XmppAxolotlMessage(Jid from, int sourceDeviceId) { XmppAxolotlMessage(Jid from, int sourceDeviceId) {
this.from = from; this.from = from;
this.sourceDeviceId = sourceDeviceId; this.sourceDeviceId = sourceDeviceId;
this.keys = new SparseArray<>(); this.keys = new ArrayList<>();
this.iv = generateIv(); this.iv = generateIv();
this.innerKey = generateKey(); this.innerKey = generateKey();
} }
@ -232,7 +233,7 @@ public class XmppAxolotlMessage {
key = session.processSending(innerKey, ignoreSessionTrust); key = session.processSending(innerKey, ignoreSessionTrust);
} }
if (key != null) { if (key != null) {
keys.put(session.getRemoteAddress().getDeviceId(), key); keys.add(key);
} }
} }
@ -248,13 +249,13 @@ public class XmppAxolotlMessage {
Element encryptionElement = new Element(CONTAINERTAG, AxolotlService.PEP_PREFIX); Element encryptionElement = new Element(CONTAINERTAG, AxolotlService.PEP_PREFIX);
Element headerElement = encryptionElement.addChild(HEADER); Element headerElement = encryptionElement.addChild(HEADER);
headerElement.setAttribute(SOURCEID, sourceDeviceId); headerElement.setAttribute(SOURCEID, sourceDeviceId);
for(int i = 0; i < keys.size(); ++i) { for(XmppAxolotlSession.AxolotlKey key : keys) {
Element keyElement = new Element(KEYTAG); Element keyElement = new Element(KEYTAG);
keyElement.setAttribute(REMOTEID, keys.keyAt(i)); keyElement.setAttribute(REMOTEID, key.deviceId);
if (keys.valueAt(i).prekey) { if (key.prekey) {
keyElement.setAttribute("prekey","true"); keyElement.setAttribute("prekey","true");
} }
keyElement.setContent(Base64.encodeToString(keys.valueAt(i).key, Base64.NO_WRAP)); keyElement.setContent(Base64.encodeToString(key.key, Base64.NO_WRAP));
headerElement.addChild(keyElement); headerElement.addChild(keyElement);
} }
headerElement.addChild(IVTAG).setContent(Base64.encodeToString(iv, Base64.NO_WRAP)); headerElement.addChild(IVTAG).setContent(Base64.encodeToString(iv, Base64.NO_WRAP));
@ -266,11 +267,16 @@ public class XmppAxolotlMessage {
} }
private byte[] unpackKey(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException { private byte[] unpackKey(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {
XmppAxolotlSession.AxolotlKey encryptedKey = keys.get(sourceDeviceId); ArrayList<XmppAxolotlSession.AxolotlKey> possibleKeys = new ArrayList<>();
if (encryptedKey == null) { for(XmppAxolotlSession.AxolotlKey key : keys) {
if (key.deviceId == sourceDeviceId) {
possibleKeys.add(key);
}
}
if (possibleKeys.size() == 0) {
throw new NotEncryptedForThisDeviceException(); throw new NotEncryptedForThisDeviceException();
} }
return session.processReceiving(encryptedKey); return session.processReceiving(possibleKeys);
} }
XmppAxolotlKeyTransportMessage getParameters(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException { XmppAxolotlKeyTransportMessage getParameters(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {

View File

@ -2,6 +2,7 @@ package eu.siacs.conversations.crypto.axolotl;
import android.support.annotation.NonNull; import android.support.annotation.NonNull;
import android.support.annotation.Nullable; import android.support.annotation.Nullable;
import android.util.Log;
import org.whispersystems.libsignal.SignalProtocolAddress; import org.whispersystems.libsignal.SignalProtocolAddress;
import org.whispersystems.libsignal.DuplicateMessageException; import org.whispersystems.libsignal.DuplicateMessageException;
@ -19,6 +20,10 @@ import org.whispersystems.libsignal.protocol.PreKeySignalMessage;
import org.whispersystems.libsignal.protocol.SignalMessage; import org.whispersystems.libsignal.protocol.SignalMessage;
import org.whispersystems.libsignal.util.guava.Optional; import org.whispersystems.libsignal.util.guava.Optional;
import java.util.Iterator;
import java.util.List;
import eu.siacs.conversations.Config;
import eu.siacs.conversations.entities.Account; import eu.siacs.conversations.entities.Account;
import eu.siacs.conversations.utils.CryptoHelper; import eu.siacs.conversations.utils.CryptoHelper;
@ -79,20 +84,29 @@ public class XmppAxolotlSession implements Comparable<XmppAxolotlSession> {
} }
@Nullable @Nullable
byte[] processReceiving(AxolotlKey encryptedKey) throws CryptoFailedException { byte[] processReceiving(List<AxolotlKey> possibleKeys) throws CryptoFailedException {
byte[] plaintext; byte[] plaintext = null;
FingerprintStatus status = getTrust(); FingerprintStatus status = getTrust();
if (!status.isCompromised()) { if (!status.isCompromised()) {
Iterator<AxolotlKey> iterator = possibleKeys.iterator();
while (iterator.hasNext()) {
AxolotlKey encryptedKey = iterator.next();
try { try {
if (encryptedKey.prekey) { if (encryptedKey.prekey) {
PreKeySignalMessage preKeySignalMessage = new PreKeySignalMessage(encryptedKey.key); PreKeySignalMessage preKeySignalMessage = new PreKeySignalMessage(encryptedKey.key);
Optional<Integer> optionalPreKeyId = preKeySignalMessage.getPreKeyId(); Optional<Integer> optionalPreKeyId = preKeySignalMessage.getPreKeyId();
IdentityKey identityKey = preKeySignalMessage.getIdentityKey(); IdentityKey identityKey = preKeySignalMessage.getIdentityKey();
if (!optionalPreKeyId.isPresent()) { if (!optionalPreKeyId.isPresent()) {
if (iterator.hasNext()) {
continue;
}
throw new CryptoFailedException("PreKeyWhisperMessage did not contain a PreKeyId"); throw new CryptoFailedException("PreKeyWhisperMessage did not contain a PreKeyId");
} }
preKeyId = optionalPreKeyId.get(); preKeyId = optionalPreKeyId.get();
if (this.identityKey != null && !this.identityKey.equals(identityKey)) { if (this.identityKey != null && !this.identityKey.equals(identityKey)) {
if (iterator.hasNext()) {
continue;
}
throw new CryptoFailedException("Received PreKeyWhisperMessage but preexisting identity key changed."); throw new CryptoFailedException("Received PreKeyWhisperMessage but preexisting identity key changed.");
} }
this.identityKey = identityKey; this.identityKey = identityKey;
@ -102,13 +116,25 @@ public class XmppAxolotlSession implements Comparable<XmppAxolotlSession> {
try { try {
plaintext = cipher.decrypt(signalMessage); plaintext = cipher.decrypt(signalMessage);
} catch (InvalidMessageException | NoSessionException e) { } catch (InvalidMessageException | NoSessionException e) {
if (iterator.hasNext()) {
Log.w(Config.LOGTAG,account.getJid().asBareJid()+": ignoring crypto exception because possible keys left to try",e);
continue;
}
throw new BrokenSessionException(this.remoteAddress, e); throw new BrokenSessionException(this.remoteAddress, e);
} }
preKeyId = null; //better safe than sorry because we use that to do special after prekey handling preKeyId = null; //better safe than sorry because we use that to do special after prekey handling
} }
} catch (InvalidVersionException | InvalidKeyException | LegacyMessageException | InvalidMessageException | DuplicateMessageException | InvalidKeyIdException | UntrustedIdentityException e) { } catch (InvalidVersionException | InvalidKeyException | LegacyMessageException | InvalidMessageException | DuplicateMessageException | InvalidKeyIdException | UntrustedIdentityException e) {
if (iterator.hasNext()) {
Log.w(Config.LOGTAG,account.getJid().asBareJid()+": ignoring crypto exception because possible keys left to try",e);
continue;
}
throw new CryptoFailedException("Error decrypting SignalMessage", e); throw new CryptoFailedException("Error decrypting SignalMessage", e);
} }
if (iterator.hasNext()) {
break;
}
}
if (!status.isActive()) { if (!status.isActive()) {
setTrust(status.toActive()); setTrust(status.toActive());
//TODO: also (re)add to device list? //TODO: also (re)add to device list?
@ -125,7 +151,7 @@ public class XmppAxolotlSession implements Comparable<XmppAxolotlSession> {
if (ignoreSessionTrust || status.isTrustedAndActive()) { if (ignoreSessionTrust || status.isTrustedAndActive()) {
try { try {
CiphertextMessage ciphertextMessage = cipher.encrypt(outgoingMessage); CiphertextMessage ciphertextMessage = cipher.encrypt(outgoingMessage);
return new AxolotlKey(ciphertextMessage.serialize(),ciphertextMessage.getType() == CiphertextMessage.PREKEY_TYPE); return new AxolotlKey(getRemoteAddress().getDeviceId(), ciphertextMessage.serialize(),ciphertextMessage.getType() == CiphertextMessage.PREKEY_TYPE);
} catch (UntrustedIdentityException e) { } catch (UntrustedIdentityException e) {
return null; return null;
} }
@ -148,8 +174,10 @@ public class XmppAxolotlSession implements Comparable<XmppAxolotlSession> {
public final byte[] key; public final byte[] key;
public final boolean prekey; public final boolean prekey;
public final int deviceId;
public AxolotlKey(byte[] key, boolean prekey) { public AxolotlKey(int deviceId, byte[] key, boolean prekey) {
this.deviceId = deviceId;
this.key = key; this.key = key;
this.prekey = prekey; this.prekey = prekey;
} }