SignalOmemoRatchet.java

  1. /**
  2.  *
  3.  * Copyright 2017 Paul Schaub
  4.  *
  5.  * This file is part of smack-omemo-signal.
  6.  *
  7.  * smack-omemo-signal is free software; you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License as published by
  9.  * the Free Software Foundation; either version 3 of the License, or
  10.  * (at your option) any later version.
  11.  *
  12.  * This program is distributed in the hope that it will be useful,
  13.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15.  * GNU General Public License for more details.
  16.  *
  17.  * You should have received a copy of the GNU General Public License
  18.  * along with this program; if not, write to the Free Software Foundation,
  19.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301  USA
  20.  */
  21. package org.jivesoftware.smackx.omemo.signal;

  23. import java.io.IOException;
  24. import java.util.logging.Level;
  25. import java.util.logging.Logger;

  27. import org.jivesoftware.smackx.omemo.OmemoManager;
  28. import org.jivesoftware.smackx.omemo.OmemoRatchet;
  29. import org.jivesoftware.smackx.omemo.OmemoStore;
  30. import org.jivesoftware.smackx.omemo.element.OmemoElement;
  31. import org.jivesoftware.smackx.omemo.exceptions.CorruptedOmemoKeyException;
  32. import org.jivesoftware.smackx.omemo.exceptions.CryptoFailedException;
  33. import org.jivesoftware.smackx.omemo.exceptions.NoRawSessionException;
  34. import org.jivesoftware.smackx.omemo.exceptions.UntrustedOmemoIdentityException;
  35. import org.jivesoftware.smackx.omemo.internal.CiphertextTuple;
  36. import org.jivesoftware.smackx.omemo.internal.OmemoDevice;

  38. import org.whispersystems.libsignal.DuplicateMessageException;
  39. import org.whispersystems.libsignal.IdentityKey;
  40. import org.whispersystems.libsignal.IdentityKeyPair;
  41. import org.whispersystems.libsignal.InvalidKeyException;
  42. import org.whispersystems.libsignal.InvalidKeyIdException;
  43. import org.whispersystems.libsignal.InvalidMessageException;
  44. import org.whispersystems.libsignal.InvalidVersionException;
  45. import org.whispersystems.libsignal.LegacyMessageException;
  46. import org.whispersystems.libsignal.NoSessionException;
  47. import org.whispersystems.libsignal.SessionCipher;
  48. import org.whispersystems.libsignal.SignalProtocolAddress;
  49. import org.whispersystems.libsignal.UntrustedIdentityException;
  50. import org.whispersystems.libsignal.ecc.ECPublicKey;
  51. import org.whispersystems.libsignal.protocol.CiphertextMessage;
  52. import org.whispersystems.libsignal.protocol.PreKeySignalMessage;
  53. import org.whispersystems.libsignal.protocol.SignalMessage;
  54. import org.whispersystems.libsignal.state.PreKeyBundle;
  55. import org.whispersystems.libsignal.state.PreKeyRecord;
  56. import org.whispersystems.libsignal.state.SessionRecord;
  57. import org.whispersystems.libsignal.state.SignedPreKeyRecord;

  59. public class SignalOmemoRatchet
  60.         extends OmemoRatchet<IdentityKeyPair, IdentityKey, PreKeyRecord, SignedPreKeyRecord, SessionRecord,
  61.                 SignalProtocolAddress, ECPublicKey, PreKeyBundle, SessionCipher> {

  63.     private static final Logger LOGGER = Logger.getLogger(OmemoRatchet.class.getName());
  64.     private final SignalOmemoStoreConnector storeConnector;

  66.     SignalOmemoRatchet(OmemoManager omemoManager,
  67.                               OmemoStore<IdentityKeyPair, IdentityKey, PreKeyRecord, SignedPreKeyRecord,
  68.                                              SessionRecord, SignalProtocolAddress, ECPublicKey, PreKeyBundle,
  69.                                              SessionCipher> store) {
  70.         super(omemoManager, store);
  71.         this.storeConnector = new SignalOmemoStoreConnector(omemoManager, store);
  72.     }

  74.     @Override
  75.     public byte[] doubleRatchetDecrypt(OmemoDevice sender, byte[] encryptedKey)
  76.             throws CorruptedOmemoKeyException, NoRawSessionException, CryptoFailedException,
  77.             UntrustedOmemoIdentityException, IOException {

  79.         SessionCipher cipher = getCipher(sender);
  80.         byte[] decryptedKey;

  82.         // Try to handle the message as a PreKeySignalMessage...
  83.         try {
  84.             PreKeySignalMessage preKeyMessage = new PreKeySignalMessage(encryptedKey);

  86.             if (!preKeyMessage.getPreKeyId().isPresent()) {
  87.                 throw new CryptoFailedException("PreKeyMessage did not contain a preKeyId.");
  88.             }

  90.             IdentityKey messageIdentityKey = preKeyMessage.getIdentityKey();
  91.             IdentityKey previousIdentityKey = store.loadOmemoIdentityKey(storeConnector.getOurDevice(), sender);

  93.             if (previousIdentityKey != null &&
  94.                     !previousIdentityKey.getFingerprint().equals(messageIdentityKey.getFingerprint())) {
  95.                 throw new UntrustedOmemoIdentityException(sender,
  96.                         store.keyUtil().getFingerprintOfIdentityKey(previousIdentityKey),
  97.                         store.keyUtil().getFingerprintOfIdentityKey(messageIdentityKey));
  98.             }

  100.             try {
  101.                 decryptedKey = cipher.decrypt(preKeyMessage);
  102.             }
  103.             catch (UntrustedIdentityException e) {
  104.                 throw new AssertionError("Signals trust management MUST be disabled.");
  105.             }
  106.             catch (LegacyMessageException | InvalidKeyException e) {
  107.                 throw new CryptoFailedException(e);
  108.             }
  109.             catch (InvalidKeyIdException e) {
  110.                 throw new NoRawSessionException(sender, e);
  111.             }
  112.             catch (DuplicateMessageException e) {
  113.                 LOGGER.log(Level.INFO, "Decryption of PreKeyMessage from " + sender +
  114.                         " failed, since the message has been decrypted before.");
  115.                 return null;
  116.             }

  118.         } catch (InvalidVersionException | InvalidMessageException noPreKeyMessage) {
  119.             // ...if that fails, handle it as a SignalMessage
  120.             try {
  121.                 SignalMessage message = new SignalMessage(encryptedKey);
  122.                 decryptedKey = getCipher(sender).decrypt(message);
  123.             }
  124.             catch (UntrustedIdentityException e) {
  125.                 throw new AssertionError("Signals trust management MUST be disabled.");
  126.             }
  127.             catch (InvalidMessageException | NoSessionException e) {
  128.                 throw new NoRawSessionException(sender, e);
  129.             }
  130.             catch (LegacyMessageException e) {
  131.                 throw new CryptoFailedException(e);
  132.             }
  133.             catch (DuplicateMessageException e1) {
  134.                 LOGGER.log(Level.INFO, "Decryption of SignalMessage from " + sender +
  135.                         " failed, since the message has been decrypted before.");
  136.                 return null;
  137.             }
  138.         }

  140.         return decryptedKey;
  141.     }

  143.     @Override
  144.     public CiphertextTuple doubleRatchetEncrypt(OmemoDevice recipient, byte[] messageKey) {
  145.         CiphertextMessage ciphertextMessage;
  146.         try {
  147.             ciphertextMessage = getCipher(recipient).encrypt(messageKey);
  148.         } catch (UntrustedIdentityException e) {
  149.             throw new AssertionError("Signals trust management MUST be disabled.");
  150.         }

  152.         int type = ciphertextMessage.getType() == CiphertextMessage.PREKEY_TYPE ?
  153.                 OmemoElement.TYPE_OMEMO_PREKEY_MESSAGE : OmemoElement.TYPE_OMEMO_MESSAGE;

  155.         return new CiphertextTuple(ciphertextMessage.serialize(), type);
  156.     }

  158.     private SessionCipher getCipher(OmemoDevice device) {
  159.         return new SessionCipher(storeConnector, storeConnector, storeConnector, storeConnector,
  160.                 SignalOmemoStoreConnector.asAddress(device));
  161.     }
  162. }
Created with JaCoCo 0.8.6.202009150832