XmppAxolotlMessage.java

  1package eu.siacs.conversations.crypto.axolotl;
  2
  3import android.util.Base64;
  4import android.util.Log;
  5
  6import java.security.InvalidAlgorithmParameterException;
  7import java.security.InvalidKeyException;
  8import java.security.NoSuchAlgorithmException;
  9import java.security.NoSuchProviderException;
 10import java.security.SecureRandom;
 11import java.util.HashMap;
 12import java.util.List;
 13import java.util.Map;
 14
 15import javax.crypto.BadPaddingException;
 16import javax.crypto.Cipher;
 17import javax.crypto.IllegalBlockSizeException;
 18import javax.crypto.KeyGenerator;
 19import javax.crypto.NoSuchPaddingException;
 20import javax.crypto.SecretKey;
 21import javax.crypto.spec.IvParameterSpec;
 22import javax.crypto.spec.SecretKeySpec;
 23
 24import eu.siacs.conversations.Config;
 25import eu.siacs.conversations.xml.Element;
 26import eu.siacs.conversations.xmpp.jid.Jid;
 27
 28public class XmppAxolotlMessage {
 29	public static final String CONTAINERTAG = "encrypted";
 30	public static final String HEADER = "header";
 31	public static final String SOURCEID = "sid";
 32	public static final String KEYTAG = "key";
 33	public static final String REMOTEID = "rid";
 34	public static final String IVTAG = "iv";
 35	public static final String PAYLOAD = "payload";
 36
 37	private static final String KEYTYPE = "AES";
 38	private static final String CIPHERMODE = "AES/GCM/NoPadding";
 39	private static final String PROVIDER = "BC";
 40
 41	private byte[] innerKey;
 42	private byte[] ciphertext = null;
 43	private byte[] iv = null;
 44	private final Map<Integer, byte[]> keys;
 45	private final Jid from;
 46	private final int sourceDeviceId;
 47
 48	public static class XmppAxolotlPlaintextMessage {
 49		private final String plaintext;
 50		private final String fingerprint;
 51
 52		public XmppAxolotlPlaintextMessage(String plaintext, String fingerprint) {
 53			this.plaintext = plaintext;
 54			this.fingerprint = fingerprint;
 55		}
 56
 57		public String getPlaintext() {
 58			return plaintext;
 59		}
 60
 61
 62		public String getFingerprint() {
 63			return fingerprint;
 64		}
 65	}
 66
 67	private XmppAxolotlMessage(final Element axolotlMessage, final Jid from) throws IllegalArgumentException {
 68		this.from = from;
 69		Element header = axolotlMessage.findChild(HEADER);
 70		this.sourceDeviceId = Integer.parseInt(header.getAttribute(SOURCEID));
 71		List<Element> keyElements = header.getChildren();
 72		this.keys = new HashMap<>(keyElements.size());
 73		for (Element keyElement : keyElements) {
 74			switch (keyElement.getName()) {
 75				case KEYTAG:
 76					try {
 77						Integer recipientId = Integer.parseInt(keyElement.getAttribute(REMOTEID));
 78						byte[] key = Base64.decode(keyElement.getContent(), Base64.DEFAULT);
 79						this.keys.put(recipientId, key);
 80					} catch (NumberFormatException e) {
 81						throw new IllegalArgumentException(e);
 82					}
 83					break;
 84				case IVTAG:
 85					if (this.iv != null) {
 86						throw new IllegalArgumentException("Duplicate iv entry");
 87					}
 88					iv = Base64.decode(keyElement.getContent(), Base64.DEFAULT);
 89					break;
 90				default:
 91					Log.w(Config.LOGTAG, "Unexpected element in header: " + keyElement.toString());
 92					break;
 93			}
 94		}
 95		Element payloadElement = axolotlMessage.findChild(PAYLOAD);
 96		if (payloadElement != null) {
 97			ciphertext = Base64.decode(payloadElement.getContent(), Base64.DEFAULT);
 98		}
 99	}
100
101	public XmppAxolotlMessage(Jid from, int sourceDeviceId) {
102		this.from = from;
103		this.sourceDeviceId = sourceDeviceId;
104		this.keys = new HashMap<>();
105		this.iv = generateIv();
106		this.innerKey = generateKey();
107	}
108
109	public static XmppAxolotlMessage fromElement(Element element, Jid from) {
110		return new XmppAxolotlMessage(element, from);
111	}
112
113	private static byte[] generateKey() {
114		try {
115			KeyGenerator generator = KeyGenerator.getInstance(KEYTYPE);
116			generator.init(128);
117			return generator.generateKey().getEncoded();
118		} catch (NoSuchAlgorithmException e) {
119			Log.e(Config.LOGTAG, e.getMessage());
120			return null;
121		}
122	}
123
124	private static byte[] generateIv() {
125		SecureRandom random = new SecureRandom();
126		byte[] iv = new byte[16];
127		random.nextBytes(iv);
128		return iv;
129	}
130
131	public void encrypt(String plaintext) throws CryptoFailedException {
132		try {
133			SecretKey secretKey = new SecretKeySpec(innerKey, KEYTYPE);
134			IvParameterSpec ivSpec = new IvParameterSpec(iv);
135			Cipher cipher = Cipher.getInstance(CIPHERMODE, PROVIDER);
136			cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
137			this.innerKey = secretKey.getEncoded();
138			this.ciphertext = cipher.doFinal(plaintext.getBytes());
139		} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException
140				| IllegalBlockSizeException | BadPaddingException | NoSuchProviderException
141				| InvalidAlgorithmParameterException e) {
142			throw new CryptoFailedException(e);
143		}
144	}
145
146	public Jid getFrom() {
147		return this.from;
148	}
149
150	public int getSenderDeviceId() {
151		return sourceDeviceId;
152	}
153
154	public byte[] getCiphertext() {
155		return ciphertext;
156	}
157
158	public void addDevice(XmppAxolotlSession session) {
159		byte[] key = session.processSending(innerKey);
160		if (key != null) {
161			keys.put(session.getRemoteAddress().getDeviceId(), key);
162		}
163	}
164
165	public byte[] getInnerKey() {
166		return innerKey;
167	}
168
169	public byte[] getIV() {
170		return this.iv;
171	}
172
173	public Element toElement() {
174		Element encryptionElement = new Element(CONTAINERTAG, AxolotlService.PEP_PREFIX);
175		Element headerElement = encryptionElement.addChild(HEADER);
176		headerElement.setAttribute(SOURCEID, sourceDeviceId);
177		for (Map.Entry<Integer, byte[]> keyEntry : keys.entrySet()) {
178			Element keyElement = new Element(KEYTAG);
179			keyElement.setAttribute(REMOTEID, keyEntry.getKey());
180			keyElement.setContent(Base64.encodeToString(keyEntry.getValue(), Base64.DEFAULT));
181			headerElement.addChild(keyElement);
182		}
183		headerElement.addChild(IVTAG).setContent(Base64.encodeToString(iv, Base64.DEFAULT));
184		if (ciphertext != null) {
185			Element payload = encryptionElement.addChild(PAYLOAD);
186			payload.setContent(Base64.encodeToString(ciphertext, Base64.DEFAULT));
187		}
188		return encryptionElement;
189	}
190
191	public byte[] unpackKey(XmppAxolotlSession session, Integer sourceDeviceId) {
192		byte[] encryptedKey = keys.get(sourceDeviceId);
193		return (encryptedKey != null) ? session.processReceiving(encryptedKey) : null;
194	}
195
196	public XmppAxolotlPlaintextMessage decrypt(XmppAxolotlSession session, Integer sourceDeviceId) throws CryptoFailedException {
197		XmppAxolotlPlaintextMessage plaintextMessage = null;
198		byte[] key = unpackKey(session, sourceDeviceId);
199		if (key != null) {
200			try {
201				Cipher cipher = Cipher.getInstance(CIPHERMODE, PROVIDER);
202				SecretKeySpec keySpec = new SecretKeySpec(key, KEYTYPE);
203				IvParameterSpec ivSpec = new IvParameterSpec(iv);
204
205				cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
206
207				String plaintext = new String(cipher.doFinal(ciphertext));
208				plaintextMessage = new XmppAxolotlPlaintextMessage(plaintext, session.getFingerprint());
209
210			} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException
211					| InvalidAlgorithmParameterException | IllegalBlockSizeException
212					| BadPaddingException | NoSuchProviderException e) {
213				throw new CryptoFailedException(e);
214			}
215		}
216		return plaintextMessage;
217	}
218}