/**
* Construct a group session for sending messages.
*
* @param senderKeyName The (groupId, senderId, deviceId) tuple. In this case, 'senderId' should be the caller.
* @return A SenderKeyDistributionMessage that is individually distributed to each member of the group.
*/
public SenderKeyDistributionMessage create(SenderKeyName senderKeyName)
{
lock (GroupCipher.LOCK)
{
try
{
SenderKeyRecord senderKeyRecord = senderKeyStore.loadSenderKey(senderKeyName);
if (senderKeyRecord.isEmpty())
{
senderKeyRecord.setSenderKeyState(KeyHelper.generateSenderKeyId(),
0,
KeyHelper.generateSenderKey(),
KeyHelper.generateSenderSigningKey());
senderKeyStore.storeSenderKey(senderKeyName, senderKeyRecord);
}
SenderKeyState state = senderKeyRecord.getSenderKeyState();
return(new SenderKeyDistributionMessage(state.getKeyId(),
state.getSenderChainKey().getIteration(),
state.getSenderChainKey().getSeed(),
state.getSigningKeyPublic()));
}
catch (InvalidKeyIdException e)
{
throw new Exception(e.Message);
}
catch (InvalidKeyException e)
{
throw new Exception(e.Message);
}
}
}
/**
* Encrypt a message.
*
* @param paddedPlaintext The plaintext message bytes, optionally padded.
* @return Ciphertext.
* @throws NoSessionException
*/
public byte[] encrypt(byte[] paddedPlaintext)
{
lock (LOCK)
{
try
{
SenderKeyRecord record = senderKeyStore.loadSenderKey(senderKeyId);
SenderKeyState senderKeyState = record.getSenderKeyState();
SenderMessageKey senderKey = senderKeyState.getSenderChainKey().getSenderMessageKey();
byte[] ciphertext = getCipherText(senderKey.getIv(), senderKey.getCipherKey(), paddedPlaintext);
SenderKeyMessage senderKeyMessage = new SenderKeyMessage(senderKeyState.getKeyId(),
senderKey.getIteration(),
ciphertext,
senderKeyState.getSigningKeyPrivate());
senderKeyState.setSenderChainKey(senderKeyState.getSenderChainKey().getNext());
senderKeyStore.storeSenderKey(senderKeyId, record);
return(senderKeyMessage.serialize());
}
catch (InvalidKeyIdException e)
{
throw new NoSessionException(e);
}
}
}
private SenderMessageKey getSenderKey(SenderKeyState senderKeyState, uint iteration)
{
SenderChainKey senderChainKey = senderKeyState.getSenderChainKey();
if (senderChainKey.getIteration() > iteration)
{
if (senderKeyState.hasSenderMessageKey(iteration))
{
return(senderKeyState.removeSenderMessageKey(iteration));
}
else
{
throw new DuplicateMessageException("Received message with old counter: " +
senderChainKey.getIteration() + " , " + iteration);
}
}
//Avoiding a uint overflow
uint senderChainKeyIteration = senderChainKey.getIteration();
if ((iteration > senderChainKeyIteration) && (iteration - senderChainKeyIteration > 2000))
{
throw new InvalidMessageException("Over 2000 messages into the future!");
}
while (senderChainKey.getIteration() < iteration)
{
senderKeyState.addSenderMessageKey(senderChainKey.getSenderMessageKey());
senderChainKey = senderChainKey.getNext();
}
senderKeyState.setSenderChainKey(senderChainKey.getNext());
return(senderChainKey.getSenderMessageKey());
}
/**
* Construct a group session for sending messages.
*
* @param senderKeyName The (groupId, senderId, deviceId) tuple. In this case, 'senderId' should be the caller.
* @return A SenderKeyDistributionMessage that is individually distributed to each member of the group.
*/
public SenderKeyDistributionMessage Create(SenderKeyName senderKeyName)
{
lock (GroupCipher.Lock)
{
try
{
SenderKeyRecord senderKeyRecord = _senderKeyStore.LoadSenderKey(senderKeyName);
if (senderKeyRecord.IsEmpty())
{
senderKeyRecord.SetSenderKeyState(KeyHelper.GenerateSenderKeyId(),
0,
KeyHelper.GenerateSenderKey(),
KeyHelper.GenerateSenderSigningKey());
_senderKeyStore.StoreSenderKey(senderKeyName, senderKeyRecord);
}
SenderKeyState state = senderKeyRecord.GetSenderKeyState();
return(new SenderKeyDistributionMessage(state.GetKeyId(),
state.GetSenderChainKey().GetIteration(),
state.GetSenderChainKey().GetSeed(),
state.GetSigningKeyPublic()));
}
catch (Exception e) when(e is InvalidKeyIdException || e is InvalidKeyException)
{
throw new Exception(e.Message);
}
}
}
/**
* Decrypt a SenderKey group message.
*
* @param senderKeyMessageBytes The received ciphertext.
* @param callback A callback that is triggered after decryption is complete,
* but before the updated session state has been committed to the session
* DB. This allows some implementations to store the committed plaintext
* to a DB first, in case they are concerned with a crash happening between
* the time the session state is updated but before they're able to store
* the plaintext to disk.
* @return Plaintext
* @throws LegacyMessageException
* @throws InvalidMessageException
* @throws DuplicateMessageException
*/
public byte[] Decrypt(byte[] senderKeyMessageBytes, IDecryptionCallback callback)
{
lock (Lock)
{
try
{
SenderKeyRecord record = _senderKeyStore.LoadSenderKey(_senderKeyId);
if (record.IsEmpty())
{
throw new NoSessionException("No sender key for: " + _senderKeyId);
}
SenderKeyMessage senderKeyMessage = new SenderKeyMessage(senderKeyMessageBytes);
SenderKeyState senderKeyState = record.GetSenderKeyState(senderKeyMessage.GetKeyId());
senderKeyMessage.VerifySignature(senderKeyState.GetSigningKeyPublic());
SenderMessageKey senderKey = GetSenderKey(senderKeyState, senderKeyMessage.GetIteration());
byte[] plaintext = GetPlainText(senderKey.GetIv(), senderKey.GetCipherKey(), senderKeyMessage.GetCipherText());
callback.HandlePlaintext(plaintext);
_senderKeyStore.StoreSenderKey(_senderKeyId, record);
return(plaintext);
}
catch (Exception e) when(e is InvalidKeyException || e is InvalidKeyIdException)
{
throw new InvalidMessageException(e);
}
}
}
/**
* Decrypt a SenderKey group message.
*
* @param senderKeyMessageBytes The received ciphertext.
* @param callback A callback that is triggered after decryption is complete,
* but before the updated session state has been committed to the session
* DB. This allows some implementations to store the committed plaintext
* to a DB first, in case they are concerned with a crash happening between
* the time the session state is updated but before they're able to store
* the plaintext to disk.
* @return Plaintext
* @throws LegacyMessageException
* @throws InvalidMessageException
* @throws DuplicateMessageException
*/
public byte[] decrypt(byte[] senderKeyMessageBytes, DecryptionCallback callback)
{
lock (LOCK)
{
try
{
SenderKeyRecord record = senderKeyStore.loadSenderKey(senderKeyId);
if (record.isEmpty())
{
throw new NoSessionException("No sender key for: " + senderKeyId);
}
SenderKeyMessage senderKeyMessage = new SenderKeyMessage(senderKeyMessageBytes);
SenderKeyState senderKeyState = record.getSenderKeyState(senderKeyMessage.getKeyId());
senderKeyMessage.verifySignature(senderKeyState.getSigningKeyPublic());
SenderMessageKey senderKey = getSenderKey(senderKeyState, senderKeyMessage.getIteration());
byte[] plaintext = getPlainText(senderKey.getIv(), senderKey.getCipherKey(), senderKeyMessage.getCipherText());
callback.handlePlaintext(plaintext);
senderKeyStore.storeSenderKey(senderKeyId, record);
return(plaintext);
}
catch (InvalidKeyException e)
{
throw new InvalidMessageException(e);
}
catch (InvalidKeyIdException e)
{
throw new InvalidMessageException(e);
}
}
}
