Detailed changes
@@ -1,15 +1,29 @@
package eu.siacs.conversations.crypto.axolotl;
+import android.util.Base64;
import android.util.Log;
import org.whispersystems.libaxolotl.AxolotlAddress;
+import org.whispersystems.libaxolotl.DuplicateMessageException;
import org.whispersystems.libaxolotl.IdentityKey;
import org.whispersystems.libaxolotl.IdentityKeyPair;
import org.whispersystems.libaxolotl.InvalidKeyException;
import org.whispersystems.libaxolotl.InvalidKeyIdException;
+import org.whispersystems.libaxolotl.InvalidMessageException;
+import org.whispersystems.libaxolotl.InvalidVersionException;
+import org.whispersystems.libaxolotl.LegacyMessageException;
+import org.whispersystems.libaxolotl.NoSessionException;
+import org.whispersystems.libaxolotl.SessionBuilder;
+import org.whispersystems.libaxolotl.SessionCipher;
+import org.whispersystems.libaxolotl.UntrustedIdentityException;
import org.whispersystems.libaxolotl.ecc.Curve;
import org.whispersystems.libaxolotl.ecc.ECKeyPair;
+import org.whispersystems.libaxolotl.ecc.ECPublicKey;
+import org.whispersystems.libaxolotl.protocol.CiphertextMessage;
+import org.whispersystems.libaxolotl.protocol.PreKeyWhisperMessage;
+import org.whispersystems.libaxolotl.protocol.WhisperMessage;
import org.whispersystems.libaxolotl.state.AxolotlStore;
+import org.whispersystems.libaxolotl.state.PreKeyBundle;
import org.whispersystems.libaxolotl.state.PreKeyRecord;
import org.whispersystems.libaxolotl.state.SessionRecord;
import org.whispersystems.libaxolotl.state.SignedPreKeyRecord;
@@ -17,43 +31,50 @@ import org.whispersystems.libaxolotl.util.KeyHelper;
import java.util.ArrayList;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.List;
import java.util.Map;
+import java.util.Random;
+import java.util.Set;
import eu.siacs.conversations.Config;
import eu.siacs.conversations.entities.Account;
+import eu.siacs.conversations.entities.Contact;
import eu.siacs.conversations.entities.Conversation;
-import eu.siacs.conversations.entities.Message;
import eu.siacs.conversations.services.XmppConnectionService;
import eu.siacs.conversations.xmpp.jid.InvalidJidException;
import eu.siacs.conversations.xmpp.jid.Jid;
public class AxolotlService {
- private Account account;
- private XmppConnectionService mXmppConnectionService;
- private SQLiteAxolotlStore axolotlStore;
- private Map<Jid,XmppAxolotlSession> sessions;
+ private final Account account;
+ private final XmppConnectionService mXmppConnectionService;
+ private final SQLiteAxolotlStore axolotlStore;
+ private final SessionMap sessions;
+ private int ownDeviceId;
public static class SQLiteAxolotlStore implements AxolotlStore {
public static final String PREKEY_TABLENAME = "prekeys";
public static final String SIGNED_PREKEY_TABLENAME = "signed_prekeys";
- public static final String SESSION_TABLENAME = "signed_prekeys";
- public static final String NAME = "name";
+ public static final String SESSION_TABLENAME = "sessions";
+ public static final String ACCOUNT = "account";
public static final String DEVICE_ID = "device_id";
public static final String ID = "id";
public static final String KEY = "key";
- public static final String ACCOUNT = "account";
+ public static final String NAME = "name";
+ public static final String TRUSTED = "trusted";
public static final String JSONKEY_IDENTITY_KEY_PAIR = "axolotl_key";
public static final String JSONKEY_REGISTRATION_ID = "axolotl_reg_id";
+ public static final String JSONKEY_CURRENT_PREKEY_ID = "axolotl_cur_prekey_id";
private final Account account;
private final XmppConnectionService mXmppConnectionService;
private final IdentityKeyPair identityKeyPair;
private final int localRegistrationId;
+ private int currentPreKeyId = 0;
private static IdentityKeyPair generateIdentityKeyPair() {
@@ -75,6 +96,14 @@ public class AxolotlService {
this.mXmppConnectionService = service;
this.identityKeyPair = loadIdentityKeyPair();
this.localRegistrationId = loadRegistrationId();
+ this.currentPreKeyId = loadCurrentPreKeyId();
+ for( SignedPreKeyRecord record:loadSignedPreKeys()) {
+ Log.d(Config.LOGTAG, "Got Axolotl signed prekey record:" + record.getId());
+ }
+ }
+
+ public int getCurrentPreKeyId() {
+ return currentPreKeyId;
}
// --------------------------------------
@@ -86,21 +115,22 @@ public class AxolotlService {
IdentityKeyPair ownKey;
if( serializedKey != null ) {
try {
- ownKey = new IdentityKeyPair(serializedKey.getBytes());
+ ownKey = new IdentityKeyPair(Base64.decode(serializedKey,Base64.DEFAULT));
+ return ownKey;
} catch (InvalidKeyException e) {
Log.d(Config.LOGTAG, "Invalid key stored for account " + account.getJid() + ": " + e.getMessage());
- return null;
+// return null;
}
- } else {
+ } //else {
Log.d(Config.LOGTAG, "Could not retrieve axolotl key for account " + account.getJid());
ownKey = generateIdentityKeyPair();
- boolean success = this.account.setKey(JSONKEY_IDENTITY_KEY_PAIR, new String(ownKey.serialize()));
+ boolean success = this.account.setKey(JSONKEY_IDENTITY_KEY_PAIR, Base64.encodeToString(ownKey.serialize(), Base64.DEFAULT));
if(success) {
mXmppConnectionService.databaseBackend.updateAccount(account);
} else {
Log.e(Config.LOGTAG, "Failed to write new key to the database!");
}
- }
+ //}
return ownKey;
}
@@ -122,6 +152,19 @@ public class AxolotlService {
return reg_id;
}
+ private int loadCurrentPreKeyId() {
+ String regIdString = this.account.getKey(JSONKEY_CURRENT_PREKEY_ID);
+ int reg_id;
+ if (regIdString != null) {
+ reg_id = Integer.valueOf(regIdString);
+ } else {
+ Log.d(Config.LOGTAG, "Could not retrieve current prekey id for account " + account.getJid());
+ reg_id = 0;
+ }
+ return reg_id;
+ }
+
+
/**
* Get the local client's identity key pair.
*
@@ -159,7 +202,7 @@ public class AxolotlService {
Jid contactJid = Jid.fromString(name);
Conversation conversation = this.mXmppConnectionService.find(this.account, contactJid);
if (conversation != null) {
- conversation.getContact().addAxolotlIdentityKey(identityKey, false);
+ conversation.getContact().addAxolotlIdentityKey(identityKey);
mXmppConnectionService.updateConversationUi();
mXmppConnectionService.syncRosterToDisk(conversation.getAccount());
}
@@ -188,8 +231,8 @@ public class AxolotlService {
Jid contactJid = Jid.fromString(name);
Conversation conversation = this.mXmppConnectionService.find(this.account, contactJid);
if (conversation != null) {
- List<IdentityKey> trustedKeys = conversation.getContact().getTrustedAxolotlIdentityKeys();
- return trustedKeys.contains(identityKey);
+ List<IdentityKey> trustedKeys = conversation.getContact().getAxolotlIdentityKeys();
+ return trustedKeys.isEmpty() || trustedKeys.contains(identityKey);
} else {
return false;
}
@@ -274,7 +317,15 @@ public class AxolotlService {
@Override
public void deleteAllSessions(String name) {
mXmppConnectionService.databaseBackend.deleteAllSessions(account,
- new AxolotlAddress(name,0));
+ new AxolotlAddress(name, 0));
+ }
+
+ public boolean isTrustedSession(AxolotlAddress address) {
+ return mXmppConnectionService.databaseBackend.isTrustedSession(this.account, address);
+ }
+
+ public void setTrustedSession(AxolotlAddress address, boolean trusted) {
+ mXmppConnectionService.databaseBackend.setTrustedSession(this.account, address,trusted);
}
// --------------------------------------
@@ -292,7 +343,7 @@ public class AxolotlService {
public PreKeyRecord loadPreKey(int preKeyId) throws InvalidKeyIdException {
PreKeyRecord record = mXmppConnectionService.databaseBackend.loadPreKey(account, preKeyId);
if(record == null) {
- throw new InvalidKeyIdException("No such PreKeyRecord!");
+ throw new InvalidKeyIdException("No such PreKeyRecord: " + preKeyId);
}
return record;
}
@@ -306,6 +357,13 @@ public class AxolotlService {
@Override
public void storePreKey(int preKeyId, PreKeyRecord record) {
mXmppConnectionService.databaseBackend.storePreKey(account, record);
+ currentPreKeyId = preKeyId;
+ boolean success = this.account.setKey(JSONKEY_CURRENT_PREKEY_ID,Integer.toString(preKeyId));
+ if(success) {
+ mXmppConnectionService.databaseBackend.updateAccount(account);
+ } else {
+ Log.e(Config.LOGTAG, "Failed to write new prekey id to the database!");
+ }
}
/**
@@ -342,7 +400,7 @@ public class AxolotlService {
public SignedPreKeyRecord loadSignedPreKey(int signedPreKeyId) throws InvalidKeyIdException {
SignedPreKeyRecord record = mXmppConnectionService.databaseBackend.loadSignedPreKey(account, signedPreKeyId);
if(record == null) {
- throw new InvalidKeyIdException("No such PreKeyRecord!");
+ throw new InvalidKeyIdException("No such SignedPreKeyRecord: " + signedPreKeyId);
}
return record;
}
@@ -388,53 +446,229 @@ public class AxolotlService {
}
}
- private static class XmppAxolotlSession {
- private List<Message> untrustedMessages;
- private AxolotlStore axolotlStore;
-
- public XmppAxolotlSession(SQLiteAxolotlStore axolotlStore) {
- this.untrustedMessages = new ArrayList<>();
- this.axolotlStore = axolotlStore;
+ public static class XmppAxolotlSession {
+ private SessionCipher cipher;
+ private boolean isTrusted = false;
+ private SQLiteAxolotlStore sqLiteAxolotlStore;
+ private AxolotlAddress remoteAddress;
+
+ public XmppAxolotlSession(SQLiteAxolotlStore store, AxolotlAddress remoteAddress) {
+ this.cipher = new SessionCipher(store, remoteAddress);
+ this.remoteAddress = remoteAddress;
+ this.sqLiteAxolotlStore = store;
+ this.isTrusted = sqLiteAxolotlStore.isTrustedSession(remoteAddress);
}
public void trust() {
- for (Message message : this.untrustedMessages) {
- message.trust();
- }
- this.untrustedMessages = null;
+ sqLiteAxolotlStore.setTrustedSession(remoteAddress, true);
+ this.isTrusted = true;
}
public boolean isTrusted() {
- return (this.untrustedMessages == null);
+ return this.isTrusted;
}
- public String processReceiving(XmppAxolotlMessage incomingMessage) {
- return null;
+ public byte[] processReceiving(XmppAxolotlMessage.XmppAxolotlMessageHeader incomingHeader) {
+ byte[] plaintext = null;
+ try {
+ try {
+ PreKeyWhisperMessage message = new PreKeyWhisperMessage(incomingHeader.getContents());
+ Log.d(Config.LOGTAG,"PreKeyWhisperMessage ID:" + message.getSignedPreKeyId() + "/" + message.getPreKeyId());
+ plaintext = cipher.decrypt(message);
+ } catch (InvalidMessageException|InvalidVersionException e) {
+ WhisperMessage message = new WhisperMessage(incomingHeader.getContents());
+ plaintext = cipher.decrypt(message);
+ } catch (InvalidKeyException|InvalidKeyIdException| UntrustedIdentityException e) {
+ Log.d(Config.LOGTAG, "Error decrypting axolotl header: " + e.getMessage());
+ }
+ } catch (LegacyMessageException|InvalidMessageException e) {
+ Log.d(Config.LOGTAG, "Error decrypting axolotl header: " + e.getMessage());
+ } catch (DuplicateMessageException|NoSessionException e) {
+ Log.d(Config.LOGTAG, "Error decrypting axolotl header: " + e.getMessage());
+ }
+ return plaintext;
}
- public XmppAxolotlMessage processSending(String outgoingMessage) {
- return null;
+ public XmppAxolotlMessage.XmppAxolotlMessageHeader processSending(byte[] outgoingMessage) {
+ CiphertextMessage ciphertextMessage = cipher.encrypt(outgoingMessage);
+ XmppAxolotlMessage.XmppAxolotlMessageHeader header =
+ new XmppAxolotlMessage.XmppAxolotlMessageHeader(remoteAddress.getDeviceId(),
+ ciphertextMessage.serialize());
+ return header;
}
}
+ private static class AxolotlAddressMap<T> {
+ protected Map<String, Map<Integer,T>> map;
+ protected final Object MAP_LOCK = new Object();
+
+ public AxolotlAddressMap() {
+ this.map = new HashMap<>();
+ }
+
+ public void put(AxolotlAddress address, T value) {
+ synchronized (MAP_LOCK) {
+ Map<Integer, T> devices = map.get(address.getName());
+ if (devices == null) {
+ devices = new HashMap<>();
+ map.put(address.getName(), devices);
+ }
+ devices.put(address.getDeviceId(), value);
+ }
+ }
+
+ public T get(AxolotlAddress address) {
+ synchronized (MAP_LOCK) {
+ Map<Integer, T> devices = map.get(address.getName());
+ if(devices == null) {
+ return null;
+ }
+ return devices.get(address.getDeviceId());
+ }
+ }
+
+ public Map<Integer, T> getAll(AxolotlAddress address) {
+ synchronized (MAP_LOCK) {
+ Map<Integer, T> devices = map.get(address.getName());
+ if(devices == null) {
+ return new HashMap<>();
+ }
+ return devices;
+ }
+ }
+
+ public boolean hasAny(AxolotlAddress address) {
+ synchronized (MAP_LOCK) {
+ Map<Integer, T> devices = map.get(address.getName());
+ return devices != null && !devices.isEmpty();
+ }
+ }
+
+
+ }
+
+ private static class SessionMap extends AxolotlAddressMap<XmppAxolotlSession> {
+
+ public SessionMap(SQLiteAxolotlStore store, Account account) {
+ super();
+ this.fillMap(store, account);
+ }
+
+ private void fillMap(SQLiteAxolotlStore store, Account account) {
+ for(Contact contact:account.getRoster().getContacts()){
+ Jid bareJid = contact.getJid().toBareJid();
+ if(bareJid == null) {
+ continue; // FIXME: handle this?
+ }
+ String address = bareJid.toString();
+ List<Integer> deviceIDs = store.getSubDeviceSessions(address);
+ for(Integer deviceId:deviceIDs) {
+ AxolotlAddress axolotlAddress = new AxolotlAddress(address, deviceId);
+ this.put(axolotlAddress, new XmppAxolotlSession(store, axolotlAddress));
+ }
+ }
+ }
+
+ }
+
+ }
+
public AxolotlService(Account account, XmppConnectionService connectionService) {
this.mXmppConnectionService = connectionService;
this.account = account;
this.axolotlStore = new SQLiteAxolotlStore(this.account, this.mXmppConnectionService);
- this.sessions = new HashMap<>();
+ this.sessions = new SessionMap(axolotlStore, account);
+ this.ownDeviceId = axolotlStore.getLocalRegistrationId();
}
- public void trustSession(Jid counterpart) {
+ public void trustSession(AxolotlAddress counterpart) {
XmppAxolotlSession session = sessions.get(counterpart);
if(session != null) {
session.trust();
}
}
- public boolean isTrustedSession(Jid counterpart) {
+ public boolean isTrustedSession(AxolotlAddress counterpart) {
XmppAxolotlSession session = sessions.get(counterpart);
return session != null && session.isTrusted();
}
+ private AxolotlAddress getAddressForJid(Jid jid) {
+ return new AxolotlAddress(jid.toString(), 0);
+ }
+
+ private Set<XmppAxolotlSession> findOwnSessions() {
+ AxolotlAddress ownAddress = getAddressForJid(account.getJid());
+ Set<XmppAxolotlSession> ownDeviceSessions = new HashSet<>(this.sessions.getAll(ownAddress).values());
+ return ownDeviceSessions;
+ }
+ private Set<XmppAxolotlSession> findSessionsforContact(Contact contact) {
+ AxolotlAddress contactAddress = getAddressForJid(contact.getJid());
+ Set<XmppAxolotlSession> sessions = new HashSet<>(this.sessions.getAll(contactAddress).values());
+ return sessions;
+ }
+
+ private boolean hasAny(Contact contact) {
+ AxolotlAddress contactAddress = getAddressForJid(contact.getJid());
+ return sessions.hasAny(contactAddress);
+ }
+
+ public int getOwnDeviceId() {
+ return ownDeviceId;
+ }
+
+ private void createSessionsIfNeeded(Contact contact) throws NoSessionsCreatedException {
+ }
+
+ public XmppAxolotlMessage processSending(Contact contact, String outgoingMessage) throws NoSessionsCreatedException {
+ XmppAxolotlMessage message = new XmppAxolotlMessage(contact, ownDeviceId, outgoingMessage);
+ createSessionsIfNeeded(contact);
+ Log.d(Config.LOGTAG, "Building axolotl foreign headers...");
+
+ for(XmppAxolotlSession session : findSessionsforContact(contact)) {
+// if(!session.isTrusted()) {
+ // TODO: handle this properly
+ // continue;
+ // }
+ message.addHeader(session.processSending(message.getInnerKey()));
+ }
+ Log.d(Config.LOGTAG, "Building axolotl own headers...");
+ for(XmppAxolotlSession session : findOwnSessions()) {
+ // if(!session.isTrusted()) {
+ // TODO: handle this properly
+ // continue;
+ // }
+ message.addHeader(session.processSending(message.getInnerKey()));
+ }
+
+ return message;
+ }
+
+ public XmppAxolotlMessage.XmppAxolotlPlaintextMessage processReceiving(XmppAxolotlMessage message) {
+ XmppAxolotlMessage.XmppAxolotlPlaintextMessage plaintextMessage = null;
+ AxolotlAddress senderAddress = new AxolotlAddress(message.getContact().getJid().toBareJid().toString(),
+ message.getSenderDeviceId());
+
+ XmppAxolotlSession session = sessions.get(senderAddress);
+ if (session == null) {
+ Log.d(Config.LOGTAG, "No axolotl session found while parsing received message " + message);
+ // TODO: handle this properly
+ session = new XmppAxolotlSession(axolotlStore, senderAddress);
+
+ }
+
+ for(XmppAxolotlMessage.XmppAxolotlMessageHeader header : message.getHeaders()) {
+ if (header.getRecipientDeviceId() == ownDeviceId) {
+ Log.d(Config.LOGTAG, "Found axolotl header matching own device ID, processing...");
+ byte[] payloadKey = session.processReceiving(header);
+ if (payloadKey != null) {
+ Log.d(Config.LOGTAG, "Got payload key from axolotl header. Decrypting message...");
+ plaintextMessage = message.decrypt(session, payloadKey);
+ }
+ }
+ }
+
+ return plaintextMessage;
+ }
}
@@ -0,0 +1,4 @@
+package eu.siacs.conversations.crypto.axolotl;
+
+public class NoSessionsCreatedException extends Throwable{
+}
@@ -1,4 +1,184 @@
package eu.siacs.conversations.crypto.axolotl;
+import android.util.Base64;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.InvalidKeyException;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+
+import eu.siacs.conversations.entities.Contact;
+import eu.siacs.conversations.xml.Element;
+
public class XmppAxolotlMessage {
+ private byte[] innerKey;
+ private byte[] ciphertext;
+ private byte[] iv;
+ private final Set<XmppAxolotlMessageHeader> headers;
+ private final Contact contact;
+ private final int sourceDeviceId;
+
+ public static class XmppAxolotlMessageHeader {
+ private final int recipientDeviceId;
+ private final byte[] content;
+
+ public XmppAxolotlMessageHeader(int deviceId, byte[] content) {
+ this.recipientDeviceId = deviceId;
+ this.content = content;
+ }
+
+ public XmppAxolotlMessageHeader(Element header) {
+ if("header".equals(header.getName())) {
+ this.recipientDeviceId = Integer.parseInt(header.getAttribute("rid"));
+ this.content = Base64.decode(header.getContent(),Base64.DEFAULT);
+ } else {
+ throw new IllegalArgumentException("Argument not a <header> Element!");
+ }
+ }
+
+ public int getRecipientDeviceId() {
+ return recipientDeviceId;
+ }
+
+ public byte[] getContents() {
+ return content;
+ }
+
+ public Element toXml() {
+ Element headerElement = new Element("header");
+ // TODO: generate XML
+ headerElement.setAttribute("rid", getRecipientDeviceId());
+ headerElement.setContent(Base64.encodeToString(getContents(), Base64.DEFAULT));
+ return headerElement;
+ }
+ }
+
+ public static class XmppAxolotlPlaintextMessage {
+ private final AxolotlService.XmppAxolotlSession session;
+ private final String plaintext;
+
+ public XmppAxolotlPlaintextMessage(AxolotlService.XmppAxolotlSession session, String plaintext) {
+ this.session = session;
+ this.plaintext = plaintext;
+ }
+
+ public String getPlaintext() {
+ return plaintext;
+ }
+ }
+
+ public XmppAxolotlMessage(Contact contact, Element axolotlMessage) {
+ this.contact = contact;
+ this.sourceDeviceId = Integer.parseInt(axolotlMessage.getAttribute("id"));
+ this.headers = new HashSet<>();
+ for(Element child:axolotlMessage.getChildren()) {
+ switch(child.getName()) {
+ case "header":
+ headers.add(new XmppAxolotlMessageHeader(child));
+ break;
+ case "message":
+ iv = Base64.decode(child.getAttribute("iv"),Base64.DEFAULT);
+ ciphertext = Base64.decode(child.getContent(),Base64.DEFAULT);
+ break;
+ default:
+ break;
+ }
+ }
+ }
+
+ public XmppAxolotlMessage(Contact contact, int sourceDeviceId, String plaintext) {
+ this.contact = contact;
+ this.sourceDeviceId = sourceDeviceId;
+ this.headers = new HashSet<>();
+ this.encrypt(plaintext);
+ }
+
+ private void encrypt(String plaintext) {
+ try {
+ KeyGenerator generator = KeyGenerator.getInstance("AES");
+ generator.init(128);
+ SecretKey secretKey = generator.generateKey();
+ Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
+ cipher.init(Cipher.ENCRYPT_MODE, secretKey);
+ this.innerKey = secretKey.getEncoded();
+ this.iv = cipher.getIV();
+ this.ciphertext = cipher.doFinal(plaintext.getBytes());
+ } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException
+ | IllegalBlockSizeException | BadPaddingException e) {
+
+ }
+ }
+
+ public Contact getContact() {
+ return this.contact;
+ }
+
+ public int getSenderDeviceId() {
+ return sourceDeviceId;
+ }
+
+ public byte[] getCiphertext() {
+ return ciphertext;
+ }
+
+ public Set<XmppAxolotlMessageHeader> getHeaders() {
+ return headers;
+ }
+
+ public void addHeader(XmppAxolotlMessageHeader header) {
+ headers.add(header);
+ }
+
+ public byte[] getInnerKey(){
+ return innerKey;
+ }
+
+ public byte[] getIV() {
+ return this.iv;
+ }
+
+ public Element toXml() {
+ // TODO: generate outer XML, add in header XML
+ Element message= new Element("axolotl_message", AxolotlService.PEP_PREFIX);
+ message.setAttribute("id", sourceDeviceId);
+ for(XmppAxolotlMessageHeader header: headers) {
+ message.addChild(header.toXml());
+ }
+ Element payload = message.addChild("message");
+ payload.setAttribute("iv",Base64.encodeToString(iv, Base64.DEFAULT));
+ payload.setContent(Base64.encodeToString(ciphertext,Base64.DEFAULT));
+ return message;
+ }
+
+
+ public XmppAxolotlPlaintextMessage decrypt(AxolotlService.XmppAxolotlSession session, byte[] key) {
+ XmppAxolotlPlaintextMessage plaintextMessage = null;
+ try {
+
+ Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
+ SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
+ IvParameterSpec ivSpec = new IvParameterSpec(iv);
+
+ cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
+
+ String plaintext = new String(cipher.doFinal(ciphertext));
+ plaintextMessage = new XmppAxolotlPlaintextMessage(session, plaintext);
+
+ } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException
+ | InvalidAlgorithmParameterException | IllegalBlockSizeException
+ | BadPaddingException e) {
+ throw new AssertionError(e);
+ }
+ return plaintextMessage;
+ }
}
@@ -20,6 +20,7 @@ import java.util.concurrent.CopyOnWriteArraySet;
import eu.siacs.conversations.Config;
import eu.siacs.conversations.R;
import eu.siacs.conversations.crypto.OtrService;
+import eu.siacs.conversations.crypto.axolotl.AxolotlService;
import eu.siacs.conversations.services.XmppConnectionService;
import eu.siacs.conversations.xmpp.XmppConnection;
import eu.siacs.conversations.xmpp.jid.InvalidJidException;
@@ -122,6 +123,7 @@ public class Account extends AbstractEntity {
protected String avatar;
protected boolean online = false;
private OtrService mOtrService = null;
+ private AxolotlService axolotlService = null;
private XmppConnection xmppConnection = null;
private long mEndGracePeriod = 0L;
private String otrFingerprint;
@@ -281,8 +283,13 @@ public class Account extends AbstractEntity {
return values;
}
+ public AxolotlService getAxolotlService() {
+ return axolotlService;
+ }
+
public void initAccountServices(final XmppConnectionService context) {
this.mOtrService = new OtrService(context, this);
+ this.axolotlService = new AxolotlService(this, context);
}
public OtrService getOtrService() {
@@ -2,6 +2,7 @@ package eu.siacs.conversations.entities;
import android.content.ContentValues;
import android.database.Cursor;
+import android.util.Base64;
import android.util.Log;
import org.json.JSONArray;
@@ -349,20 +350,38 @@ public class Contact implements ListItem, Blockable {
}
}
- public List<IdentityKey> getTrustedAxolotlIdentityKeys() {
+ public List<IdentityKey> getAxolotlIdentityKeys() {
synchronized (this.keys) {
JSONArray serializedKeyItems = this.keys.optJSONArray("axolotl_identity_key");
List<IdentityKey> identityKeys = new ArrayList<>();
+ List<Integer> toDelete = new ArrayList<>();
if(serializedKeyItems != null) {
for(int i = 0; i<serializedKeyItems.length();++i) {
try {
String serializedKeyItem = serializedKeyItems.getString(i);
- IdentityKey identityKey = new IdentityKey(serializedKeyItem.getBytes(), 0);
+ IdentityKey identityKey = new IdentityKey(Base64.decode(serializedKeyItem, Base64.DEFAULT), 0);
identityKeys.add(identityKey);
} catch (InvalidKeyException e) {
- Log.e(Config.LOGTAG, "Invalid axolotl identity key encountered at" + this.getJid() + ": " + e.getMessage());
+ Log.e(Config.LOGTAG, "Invalid axolotl identity key encountered at contact" + this.getJid() + ": " + e.getMessage() + ", marking for deletion...");
+ toDelete.add(i);
} catch (JSONException e) {
- Log.e(Config.LOGTAG, "Error retrieving axolotl identity key at" + this.getJid() + ": " + e.getMessage());
+ Log.e(Config.LOGTAG, "Error retrieving axolotl identity key at contact " + this.getJid() + ": " + e.getMessage());
+ } catch (IllegalArgumentException e) {
+ Log.e(Config.LOGTAG, "Encountered malformed identity key for contact" + this.getJid() + ": " + e.getMessage() + ", marking for deletion... ");
+ toDelete.add(i);
+ }
+ }
+ if(!toDelete.isEmpty()) {
+ try {
+ JSONArray filteredKeyItems = new JSONArray();
+ for (int i = 0; i < serializedKeyItems.length(); ++i) {
+ if (!toDelete.contains(i)) {
+ filteredKeyItems.put(serializedKeyItems.get(i));
+ }
+ }
+ this.keys.put("axolotl_identity_key", filteredKeyItems);
+ } catch (JSONException e) {
+ //should never happen
}
}
}
@@ -370,23 +389,28 @@ public class Contact implements ListItem, Blockable {
}
}
- public boolean addAxolotlIdentityKey(IdentityKey identityKey, boolean trusted) {
+ public boolean addAxolotlIdentityKey(IdentityKey identityKey) {
synchronized (this.keys) {
- JSONArray keysList;
- try {
- keysList = this.keys.getJSONArray("axolotl_identity_key");
- } catch (JSONException e) {
- keysList = new JSONArray();
- }
- keysList.put(new String(identityKey.serialize()));
- try {
- this.keys.put("axolotl_identity_key", keysList);
- } catch (JSONException e) {
- Log.e(Config.LOGTAG, "Error adding Identity Key to Contact " + this.getJid() + ": " + e.getMessage());
- return false;
- }
+ if(!getAxolotlIdentityKeys().contains(identityKey)) {
+ JSONArray keysList;
+ try {
+ keysList = this.keys.getJSONArray("axolotl_identity_key");
+ } catch (JSONException e) {
+ keysList = new JSONArray();
+ }
+
+ keysList.put(Base64.encodeToString(identityKey.serialize(), Base64.DEFAULT));
+ try {
+ this.keys.put("axolotl_identity_key", keysList);
+ } catch (JSONException e) {
+ Log.e(Config.LOGTAG, "Error adding Identity Key to Contact " + this.getJid() + ": " + e.getMessage());
+ return false;
+ }
+ return true;
+ } else {
+ return false;
+ }
}
- return true;
}
@@ -8,6 +8,7 @@ import java.net.URL;
import java.util.Arrays;
import eu.siacs.conversations.Config;
+import eu.siacs.conversations.crypto.axolotl.AxolotlService;
import eu.siacs.conversations.utils.GeoHelper;
import eu.siacs.conversations.utils.MimeUtils;
import eu.siacs.conversations.utils.UIHelper;
@@ -34,6 +35,7 @@ public class Message extends AbstractEntity {
public static final int ENCRYPTION_OTR = 2;
public static final int ENCRYPTION_DECRYPTED = 3;
public static final int ENCRYPTION_DECRYPTION_FAILED = 4;
+ public static final int ENCRYPTION_AXOLOTL = 5;
public static final int TYPE_TEXT = 0;
public static final int TYPE_IMAGE = 1;
@@ -65,7 +67,7 @@ public class Message extends AbstractEntity {
protected int encryption;
protected int status;
protected int type;
- private boolean isTrusted = true;
+ private AxolotlService.XmppAxolotlSession axolotlSession = null;
protected String relativeFilePath;
protected boolean read = true;
protected String remoteMsgId = null;
@@ -665,15 +667,7 @@ public class Message extends AbstractEntity {
public int height = 0;
}
- public void trust() {
- this.isTrusted = true;
- }
-
- public void distrust() {
- this.isTrusted = false;
- }
-
public boolean isTrusted() {
- return this.isTrusted;
+ return this.axolotlSession != null && this.axolotlSession.isTrusted();
}
}
@@ -1,5 +1,19 @@
package eu.siacs.conversations.persistance;
+import android.content.ContentValues;
+import android.content.Context;
+import android.database.Cursor;
+import android.database.sqlite.SQLiteCantOpenDatabaseException;
+import android.database.sqlite.SQLiteDatabase;
+import android.database.sqlite.SQLiteOpenHelper;
+import android.util.Base64;
+import android.util.Log;
+
+import org.whispersystems.libaxolotl.AxolotlAddress;
+import org.whispersystems.libaxolotl.state.PreKeyRecord;
+import org.whispersystems.libaxolotl.state.SessionRecord;
+import org.whispersystems.libaxolotl.state.SignedPreKeyRecord;
+
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
@@ -15,25 +29,12 @@ import eu.siacs.conversations.entities.Roster;
import eu.siacs.conversations.xmpp.jid.InvalidJidException;
import eu.siacs.conversations.xmpp.jid.Jid;
-import android.content.ContentValues;
-import android.content.Context;
-import android.database.Cursor;
-import android.database.sqlite.SQLiteCantOpenDatabaseException;
-import android.database.sqlite.SQLiteDatabase;
-import android.database.sqlite.SQLiteOpenHelper;
-import android.util.Log;
-
-import org.whispersystems.libaxolotl.AxolotlAddress;
-import org.whispersystems.libaxolotl.state.PreKeyRecord;
-import org.whispersystems.libaxolotl.state.SessionRecord;
-import org.whispersystems.libaxolotl.state.SignedPreKeyRecord;
-
public class DatabaseBackend extends SQLiteOpenHelper {
private static DatabaseBackend instance = null;
private static final String DATABASE_NAME = "history";
- private static final int DATABASE_VERSION = 14;
+ private static final int DATABASE_VERSION = 15;
private static String CREATE_CONTATCS_STATEMENT = "create table "
+ Contact.TABLENAME + "(" + Contact.ACCOUNT + " TEXT, "
@@ -49,8 +50,9 @@ public class DatabaseBackend extends SQLiteOpenHelper {
private static String CREATE_PREKEYS_STATEMENT = "CREATE TABLE "
+ AxolotlService.SQLiteAxolotlStore.PREKEY_TABLENAME + "("
+ + AxolotlService.SQLiteAxolotlStore.ACCOUNT + " TEXT, "
+ AxolotlService.SQLiteAxolotlStore.ID + " INTEGER, "
- + AxolotlService.SQLiteAxolotlStore.KEY + "TEXT, FOREIGN KEY("
+ + AxolotlService.SQLiteAxolotlStore.KEY + " TEXT, FOREIGN KEY("
+ AxolotlService.SQLiteAxolotlStore.ACCOUNT
+ ") REFERENCES " + Account.TABLENAME + "(" + Account.UUID + ") ON DELETE CASCADE, "
+ "UNIQUE( " + AxolotlService.SQLiteAxolotlStore.ACCOUNT + ", "
@@ -60,8 +62,9 @@ public class DatabaseBackend extends SQLiteOpenHelper {
private static String CREATE_SIGNED_PREKEYS_STATEMENT = "CREATE TABLE "
+ AxolotlService.SQLiteAxolotlStore.SIGNED_PREKEY_TABLENAME + "("
+ + AxolotlService.SQLiteAxolotlStore.ACCOUNT + " TEXT, "
+ AxolotlService.SQLiteAxolotlStore.ID + " INTEGER, "
- + AxolotlService.SQLiteAxolotlStore.KEY + "TEXT, FOREIGN KEY("
+ + AxolotlService.SQLiteAxolotlStore.KEY + " TEXT, FOREIGN KEY("
+ AxolotlService.SQLiteAxolotlStore.ACCOUNT
+ ") REFERENCES " + Account.TABLENAME + "(" + Account.UUID + ") ON DELETE CASCADE, "
+ "UNIQUE( " + AxolotlService.SQLiteAxolotlStore.ACCOUNT + ", "
@@ -71,13 +74,16 @@ public class DatabaseBackend extends SQLiteOpenHelper {
private static String CREATE_SESSIONS_STATEMENT = "CREATE TABLE "
+ AxolotlService.SQLiteAxolotlStore.SESSION_TABLENAME + "("
+ + AxolotlService.SQLiteAxolotlStore.ACCOUNT + " TEXT, "
+ AxolotlService.SQLiteAxolotlStore.NAME + " TEXT, "
- + AxolotlService.SQLiteAxolotlStore.DEVICE_ID+ " INTEGER, "
- + AxolotlService.SQLiteAxolotlStore.KEY + "TEXT, FOREIGN KEY("
+ + AxolotlService.SQLiteAxolotlStore.DEVICE_ID + " INTEGER, "
+ + AxolotlService.SQLiteAxolotlStore.TRUSTED + " INTEGER, "
+ + AxolotlService.SQLiteAxolotlStore.KEY + " TEXT, FOREIGN KEY("
+ AxolotlService.SQLiteAxolotlStore.ACCOUNT
+ ") REFERENCES " + Account.TABLENAME + "(" + Account.UUID + ") ON DELETE CASCADE, "
+ "UNIQUE( " + AxolotlService.SQLiteAxolotlStore.ACCOUNT + ", "
- + AxolotlService.SQLiteAxolotlStore.NAME
+ + AxolotlService.SQLiteAxolotlStore.NAME + ", "
+ + AxolotlService.SQLiteAxolotlStore.DEVICE_ID
+ ") ON CONFLICT REPLACE"
+");";
@@ -257,6 +263,14 @@ public class DatabaseBackend extends SQLiteOpenHelper {
}
cursor.close();
}
+ if (oldVersion < 15 && newVersion >= 15) {
+ db.execSQL("DROP TABLE IF EXISTS " + AxolotlService.SQLiteAxolotlStore.SESSION_TABLENAME);
+ db.execSQL(CREATE_SESSIONS_STATEMENT);
+ db.execSQL("DROP TABLE IF EXISTS " + AxolotlService.SQLiteAxolotlStore.PREKEY_TABLENAME);
+ db.execSQL(CREATE_PREKEYS_STATEMENT);
+ db.execSQL("DROP TABLE IF EXISTS " + AxolotlService.SQLiteAxolotlStore.SIGNED_PREKEY_TABLENAME);
+ db.execSQL(CREATE_SIGNED_PREKEYS_STATEMENT);
+ }
}
public static synchronized DatabaseBackend getInstance(Context context) {
@@ -547,7 +561,7 @@ public class DatabaseBackend extends SQLiteOpenHelper {
if(cursor.getCount() != 0) {
cursor.moveToFirst();
try {
- session = new SessionRecord(cursor.getString(cursor.getColumnIndex(AxolotlService.SQLiteAxolotlStore.KEY)).getBytes());
+ session = new SessionRecord(Base64.decode(cursor.getString(cursor.getColumnIndex(AxolotlService.SQLiteAxolotlStore.KEY)),Base64.DEFAULT));
} catch (IOException e) {
throw new AssertionError(e);
}
@@ -590,7 +604,7 @@ public class DatabaseBackend extends SQLiteOpenHelper {
ContentValues values = new ContentValues();
values.put(AxolotlService.SQLiteAxolotlStore.NAME, contact.getName());
values.put(AxolotlService.SQLiteAxolotlStore.DEVICE_ID, contact.getDeviceId());
- values.put(AxolotlService.SQLiteAxolotlStore.KEY, session.serialize());
+ values.put(AxolotlService.SQLiteAxolotlStore.KEY, Base64.encodeToString(session.serialize(),Base64.DEFAULT));
values.put(AxolotlService.SQLiteAxolotlStore.ACCOUNT, account.getUuid());
db.insert(AxolotlService.SQLiteAxolotlStore.SESSION_TABLENAME, null, values);
}
@@ -616,6 +630,28 @@ public class DatabaseBackend extends SQLiteOpenHelper {
args);
}
+ public boolean isTrustedSession(Account account, AxolotlAddress contact) {
+ boolean trusted = false;
+ Cursor cursor = getCursorForSession(account, contact);
+ if(cursor.getCount() != 0) {
+ cursor.moveToFirst();
+ trusted = cursor.getInt(cursor.getColumnIndex(
+ AxolotlService.SQLiteAxolotlStore.TRUSTED)) > 0;
+ }
+ cursor.close();
+ return trusted;
+ }
+
+ public void setTrustedSession(Account account, AxolotlAddress contact, boolean trusted) {
+ SQLiteDatabase db = this.getWritableDatabase();
+ ContentValues values = new ContentValues();
+ values.put(AxolotlService.SQLiteAxolotlStore.NAME, contact.getName());
+ values.put(AxolotlService.SQLiteAxolotlStore.DEVICE_ID, contact.getDeviceId());
+ values.put(AxolotlService.SQLiteAxolotlStore.ACCOUNT, account.getUuid());
+ values.put(AxolotlService.SQLiteAxolotlStore.TRUSTED, trusted?1:0);
+ db.insert(AxolotlService.SQLiteAxolotlStore.SESSION_TABLENAME, null, values);
+ }
+
private Cursor getCursorForPreKey(Account account, int preKeyId) {
SQLiteDatabase db = this.getReadableDatabase();
String[] columns = {AxolotlService.SQLiteAxolotlStore.KEY};
@@ -636,7 +672,7 @@ public class DatabaseBackend extends SQLiteOpenHelper {
if(cursor.getCount() != 0) {
cursor.moveToFirst();
try {
- record = new PreKeyRecord(cursor.getString(cursor.getColumnIndex(AxolotlService.SQLiteAxolotlStore.KEY)).getBytes());
+ record = new PreKeyRecord(Base64.decode(cursor.getString(cursor.getColumnIndex(AxolotlService.SQLiteAxolotlStore.KEY)),Base64.DEFAULT));
} catch (IOException e ) {
throw new AssertionError(e);
}
@@ -656,7 +692,7 @@ public class DatabaseBackend extends SQLiteOpenHelper {
SQLiteDatabase db = this.getWritableDatabase();
ContentValues values = new ContentValues();
values.put(AxolotlService.SQLiteAxolotlStore.ID, record.getId());
- values.put(AxolotlService.SQLiteAxolotlStore.KEY, record.serialize());
+ values.put(AxolotlService.SQLiteAxolotlStore.KEY, Base64.encodeToString(record.serialize(),Base64.DEFAULT));
values.put(AxolotlService.SQLiteAxolotlStore.ACCOUNT, account.getUuid());
db.insert(AxolotlService.SQLiteAxolotlStore.PREKEY_TABLENAME, null, values);
}
@@ -685,11 +721,11 @@ public class DatabaseBackend extends SQLiteOpenHelper {
public SignedPreKeyRecord loadSignedPreKey(Account account, int signedPreKeyId) {
SignedPreKeyRecord record = null;
- Cursor cursor = getCursorForPreKey(account, signedPreKeyId);
+ Cursor cursor = getCursorForSignedPreKey(account, signedPreKeyId);
if(cursor.getCount() != 0) {
cursor.moveToFirst();
try {
- record = new SignedPreKeyRecord(cursor.getString(cursor.getColumnIndex(AxolotlService.SQLiteAxolotlStore.KEY)).getBytes());
+ record = new SignedPreKeyRecord(Base64.decode(cursor.getString(cursor.getColumnIndex(AxolotlService.SQLiteAxolotlStore.KEY)),Base64.DEFAULT));
} catch (IOException e ) {
throw new AssertionError(e);
}
@@ -711,7 +747,7 @@ public class DatabaseBackend extends SQLiteOpenHelper {
while(cursor.moveToNext()) {
try {
- prekeys.add(new SignedPreKeyRecord(cursor.getString(cursor.getColumnIndex(AxolotlService.SQLiteAxolotlStore.KEY)).getBytes()));
+ prekeys.add(new SignedPreKeyRecord(Base64.decode(cursor.getString(cursor.getColumnIndex(AxolotlService.SQLiteAxolotlStore.KEY)), Base64.DEFAULT)));
} catch (IOException ignored) {
}
}
@@ -729,7 +765,7 @@ public class DatabaseBackend extends SQLiteOpenHelper {
SQLiteDatabase db = this.getWritableDatabase();
ContentValues values = new ContentValues();
values.put(AxolotlService.SQLiteAxolotlStore.ID, record.getId());
- values.put(AxolotlService.SQLiteAxolotlStore.KEY, record.serialize());
+ values.put(AxolotlService.SQLiteAxolotlStore.KEY, Base64.encodeToString(record.serialize(),Base64.DEFAULT));
values.put(AxolotlService.SQLiteAxolotlStore.ACCOUNT, account.getUuid());
db.insert(AxolotlService.SQLiteAxolotlStore.SIGNED_PREKEY_TABLENAME, null, values);
}
@@ -52,6 +52,7 @@ import de.duenndns.ssl.MemorizingTrustManager;
import eu.siacs.conversations.Config;
import eu.siacs.conversations.R;
import eu.siacs.conversations.crypto.PgpEngine;
+import eu.siacs.conversations.crypto.axolotl.NoSessionsCreatedException;
import eu.siacs.conversations.entities.Account;
import eu.siacs.conversations.entities.Blockable;
import eu.siacs.conversations.entities.Bookmark;
@@ -273,7 +274,11 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa
}
}
syncDirtyContacts(account);
- scheduleWakeUpCall(Config.PING_MAX_INTERVAL,account.getUuid().hashCode());
+ account.getAxolotlService().publishOwnDeviceIdIfNeeded();
+ account.getAxolotlService().publishBundleIfNeeded();
+ account.getAxolotlService().publishPreKeysIfNeeded();
+
+ scheduleWakeUpCall(Config.PING_MAX_INTERVAL, account.getUuid().hashCode());
} else if (account.getStatus() == Account.State.OFFLINE) {
resetSendingToWaiting(account);
if (!account.isOptionSet(Account.OPTION_DISABLED)) {