/**
* Encrypt a message.
*
* @param paddedMessage The plaintext message bytes, optionally padded to a constant multiple.
* @return A ciphertext message encrypted to the recipient+device tuple.
*/
public CiphertextMessage Encrypt(byte[] paddedMessage)
{
lock (SessionLock)
{
SessionRecord sessionRecord = _sessionStore.LoadSession(_remoteAddress);
SessionState sessionState = sessionRecord.GetSessionState();
ChainKey chainKey = sessionState.GetSenderChainKey();
MessageKeys messageKeys = chainKey.GetMessageKeys();
IEcPublicKey senderEphemeral = sessionState.GetSenderRatchetKey();
uint previousCounter = sessionState.GetPreviousCounter();
uint sessionVersion = sessionState.GetSessionVersion();
byte[] ciphertextBody = GetCiphertext(sessionVersion, messageKeys, paddedMessage);
CiphertextMessage ciphertextMessage = new SignalMessage(sessionVersion, messageKeys.GetMacKey(),
senderEphemeral, chainKey.GetIndex(),
previousCounter, ciphertextBody,
sessionState.GetLocalIdentityKey(),
sessionState.GetRemoteIdentityKey());
if (sessionState.HasUnacknowledgedPreKeyMessage())
{
SessionState.UnacknowledgedPreKeyMessageItems items = sessionState.GetUnacknowledgedPreKeyMessageItems();
uint localRegistrationId = sessionState.GetLocalRegistrationId();
ciphertextMessage = new PreKeySignalMessage(sessionVersion, localRegistrationId, items.GetPreKeyId(),
items.GetSignedPreKeyId(), items.GetBaseKey(),
sessionState.GetLocalIdentityKey(),
(SignalMessage)ciphertextMessage);
}
sessionState.SetSenderChainKey(chainKey.GetNextChainKey());
_sessionStore.StoreSession(_remoteAddress, sessionRecord);
return(ciphertextMessage);
}
}
public void T_GetRandomKey_WithParams()
{
WordGenerator gen = InitSimpleWordGen();
ChainMap subMap = new ChainMap();
ChainKey key1 = new ChainKey(new string[] { "key1", "key2", "key3" });
ChainKey key2 = new ChainKey(new string[] { "key1", "key2", "key4" });
subMap.AddToChain(key1, "val1");
subMap.AddToChain(key2, "val2");
bool key1Found, key2Found;
key1Found = key2Found = false;
for (int i = 0; i < 10; i++)
{
ChainKey currKey = gen.GetRandomKey(subMap);
if (key1.Equals(currKey))
{
key1Found = true;
}
else if (key2.Equals(currKey))
{
key2Found = true;
}
else
{
Assert.Fail("Invalid key returned");
}
}
if (!(key1Found && key2Found))
{
Assert.Fail("GetRandomKey is not random");
}
}
private MessageKeys GetOrCreateMessageKeys(SessionState sessionState,
IEcPublicKey theirEphemeral,
ChainKey chainKey, uint counter)
{
if (chainKey.GetIndex() > counter)
{
if (sessionState.HasMessageKeys(theirEphemeral, counter))
{
return(sessionState.RemoveMessageKeys(theirEphemeral, counter));
}
else
{
throw new DuplicateMessageException($"Received message with old counter: {chainKey.GetIndex()} , {counter}");
}
}
//Avoiding a uint overflow
uint chainKeyIndex = chainKey.GetIndex();
if ((counter > chainKeyIndex) && (counter - chainKeyIndex > 2000))
{
throw new InvalidMessageException("Over 2000 messages into the future!");
}
while (chainKey.GetIndex() < counter)
{
MessageKeys messageKeys = chainKey.GetMessageKeys();
sessionState.SetMessageKeys(theirEphemeral, messageKeys);
chainKey = chainKey.GetNextChainKey();
}
sessionState.SetReceiverChainKey(theirEphemeral, chainKey.GetNextChainKey());
return(chainKey.GetMessageKeys());
}
private byte[] decrypt(SessionState sessionState, WhisperMessage ciphertextMessage)
{
if (!sessionState.hasSenderChain())
{
throw new InvalidMessageException("Uninitialized session!");
}
if (ciphertextMessage.getMessageVersion() != sessionState.getSessionVersion())
{
throw new InvalidMessageException($"Message version {ciphertextMessage.getMessageVersion()}, but session version {sessionState.getSessionVersion()}");
}
uint messageVersion = ciphertextMessage.getMessageVersion();
ECPublicKey theirEphemeral = ciphertextMessage.getSenderRatchetKey();
uint counter = ciphertextMessage.getCounter();
ChainKey chainKey = getOrCreateChainKey(sessionState, theirEphemeral);
MessageKeys messageKeys = getOrCreateMessageKeys(sessionState, theirEphemeral,
chainKey, counter);
ciphertextMessage.verifyMac(messageVersion,
sessionState.getRemoteIdentityKey(),
sessionState.getLocalIdentityKey(),
messageKeys.getMacKey());
byte[] plaintext = getPlaintext(messageVersion, messageKeys, ciphertextMessage.getBody());
sessionState.clearUnacknowledgedPreKeyMessage();
return(plaintext);
}
private MessageKeys getOrCreateMessageKeys(SessionState sessionState,
ECPublicKey theirEphemeral,
ChainKey chainKey, uint counter)
{
if (chainKey.getIndex() > counter)
{
if (sessionState.hasMessageKeys(theirEphemeral, counter))
{
return(sessionState.removeMessageKeys(theirEphemeral, counter));
}
else
{
throw new DuplicateMessageException($"Received message with old counter: {chainKey.getIndex()} , {counter}");
}
}
if (counter - chainKey.getIndex() > 2000)
{
throw new InvalidMessageException("Over 2000 messages into the future!");
}
while (chainKey.getIndex() < counter)
{
MessageKeys messageKeys = chainKey.getMessageKeys();
sessionState.setMessageKeys(theirEphemeral, messageKeys);
chainKey = chainKey.getNextChainKey();
}
sessionState.setReceiverChainKey(theirEphemeral, chainKey.getNextChainKey());
return(chainKey.getMessageKeys());
}
/**
* Encrypt a message.
*
* @param paddedMessage The plaintext message bytes, optionally padded to a constant multiple.
* @return A ciphertext message encrypted to the recipient+device tuple.
*/
public CiphertextMessage encrypt(byte[] paddedMessage)
{
lock (SESSION_LOCK)
{
SessionRecord sessionRecord = sessionStore.loadSession(remoteAddress);
SessionState sessionState = sessionRecord.getSessionState();
ChainKey chainKey = sessionState.getSenderChainKey();
MessageKeys messageKeys = chainKey.getMessageKeys();
ECPublicKey senderEphemeral = sessionState.getSenderRatchetKey();
uint previousCounter = sessionState.getPreviousCounter();
uint sessionVersion = sessionState.getSessionVersion();
byte[] ciphertextBody = getCiphertext(sessionVersion, messageKeys, paddedMessage);
CiphertextMessage ciphertextMessage = new WhisperMessage(sessionVersion, messageKeys.getMacKey(),
senderEphemeral, chainKey.getIndex(),
previousCounter, ciphertextBody,
sessionState.getLocalIdentityKey(),
sessionState.getRemoteIdentityKey());
if (sessionState.hasUnacknowledgedPreKeyMessage())
{
SessionState.UnacknowledgedPreKeyMessageItems items = sessionState.getUnacknowledgedPreKeyMessageItems();
uint localRegistrationId = sessionState.getLocalRegistrationId();
ciphertextMessage = new PreKeyWhisperMessage(sessionVersion, localRegistrationId, items.getPreKeyId(),
items.getSignedPreKeyId(), items.getBaseKey(),
sessionState.getLocalIdentityKey(),
(WhisperMessage)ciphertextMessage);
}
sessionState.setSenderChainKey(chainKey.getNextChainKey());
sessionStore.storeSession(remoteAddress, sessionRecord);
return(ciphertextMessage);
}
}
public void T_GetHashCode_SimpleDifferent()
{
ChainKey ck1 = new ChainKey(new string[] { "", "this" });
ChainKey ck2 = new ChainKey(new string[] { "do", "this" });
Assert.AreNotEqual(ck1.GetHashCode(), ck2.GetHashCode());
}
private byte[] Decrypt(SessionState sessionState, SignalMessage ciphertextMessage)
{
if (!sessionState.HasSenderChain())
{
throw new InvalidMessageException("Uninitialized session!");
}
if (sessionState.GetStructure().SenderChain.SenderRatchetKey.Length <= 0)
{
throw new InvalidMessageException("SenderRatchetKey is empty!");
}
if (ciphertextMessage.GetMessageVersion() != sessionState.GetSessionVersion())
{
throw new InvalidMessageException($"Message version {ciphertextMessage.GetMessageVersion()}, but session version {sessionState.GetSessionVersion()}");
}
IEcPublicKey theirEphemeral = ciphertextMessage.GetSenderRatchetKey();
uint counter = ciphertextMessage.GetCounter();
ChainKey chainKey = GetOrCreateChainKey(sessionState, theirEphemeral);
MessageKeys messageKeys = GetOrCreateMessageKeys(sessionState, theirEphemeral,
chainKey, counter);
ciphertextMessage.VerifyMac(sessionState.GetRemoteIdentityKey(),
sessionState.GetLocalIdentityKey(),
messageKeys.GetMacKey());
byte[] plaintext = GetPlaintext(messageKeys, ciphertextMessage.GetBody());
sessionState.ClearUnacknowledgedPreKeyMessage();
return(plaintext);
}
/// <summary>
/// Ratchets the a chain key.
/// Does this by appending 0x02 to and hashing the current key
/// And icrementing the chainkeyIndex
/// </summary>
/// <param name="key">Key.</param>
public static void RatchetChainKey(ChainKey key)
{
lock (key)
{
key.key = AdvanceKey(key.key);
key.index++;
}
}
/// <summary>
/// Initializes a new instance of the <see cref="T:Coflnet.EndToEncEncrypt"/> class.
/// </summary>
/// <param name="sessionReceiveKey">Session receive key.</param>
/// <param name="sessionSendKey">Session send key.</param>
/// <param name="identifier">Identifier of the other resource.</param>
/// <param name="isServer">If set to <c>true</c> the current machine is the server (didn't start the connection).</param>
/// <param name="hasReceived">If set to <c>true</c> has received.</param>
public EndToEndEncrypt(ChainKey sessionReceiveKey, ChainKey sessionSendKey, EntityId identifier, bool isServer, bool hasReceived)
{
this.sessionReceiveKey = sessionReceiveKey;
this.sessionSendKey = sessionSendKey;
this.identifier = identifier;
this.isServer = isServer;
this.hasReceived = hasReceived;
}
public void AppendChain(ChainKey child, int clock)
{
//int parentLength = this.Length;
foreach (KeyValuePair <int, DffBitRecord> bitKeyEntry in child)
{
this.keys[bitKeyEntry.Key + clock] = bitKeyEntry.Value;
}
}
public void testChainKeyDerivationV3()
{
byte[] seed =
{
0x8a, 0xb7, 0x2d, 0x6f, 0x4c,
0xc5, 0xac, 0x0d, 0x38, 0x7e,
0xaf, 0x46, 0x33, 0x78, 0xdd,
0xb2, 0x8e, 0xdd, 0x07, 0x38,
0x5b, 0x1c, 0xb0, 0x12, 0x50,
0xc7, 0x15, 0x98, 0x2e, 0x7a,
0xd4, 0x8f
};
byte[] messageKey =
{
/* 0x02*/
0xbf, 0x51, 0xe9, 0xd7,
0x5e, 0x0e, 0x31, 0x03, 0x10,
0x51, 0xf8, 0x2a, 0x24, 0x91,
0xff, 0xc0, 0x84, 0xfa, 0x29,
0x8b, 0x77, 0x93, 0xbd, 0x9d,
0xb6, 0x20, 0x05, 0x6f, 0xeb,
0xf4, 0x52, 0x17
};
byte[] macKey =
{
0xc6, 0xc7, 0x7d, 0x6a, 0x73,
0xa3, 0x54, 0x33, 0x7a, 0x56,
0x43, 0x5e, 0x34, 0x60, 0x7d,
0xfe, 0x48, 0xe3, 0xac, 0xe1,
0x4e, 0x77, 0x31, 0x4d, 0xc6,
0xab, 0xc1, 0x72, 0xe7, 0xa7,
0x03, 0x0b
};
byte[] nextChainKey =
{
0x28, 0xe8, 0xf8, 0xfe, 0xe5,
0x4b, 0x80, 0x1e, 0xef, 0x7c,
0x5c, 0xfb, 0x2f, 0x17, 0xf3,
0x2c, 0x7b, 0x33, 0x44, 0x85,
0xbb, 0xb7, 0x0f, 0xac, 0x6e,
0xc1, 0x03, 0x42, 0xa2, 0x46,
0xd1, 0x5d
};
ChainKey chainKey = new ChainKey(HKDF.createFor(3), seed, 0);
CollectionAssert.AreEqual(seed, chainKey.getKey());
CollectionAssert.AreEqual(messageKey, chainKey.getMessageKeys().getCipherKey());
CollectionAssert.AreEqual(macKey, chainKey.getMessageKeys().getMacKey());
CollectionAssert.AreEqual(nextChainKey, chainKey.getNextChainKey().getKey());
Assert.AreEqual <uint>(0, chainKey.getIndex());
Assert.AreEqual <uint>(0, chainKey.getMessageKeys().getCounter());
Assert.AreEqual <uint>(1, chainKey.getNextChainKey().getIndex());
Assert.AreEqual <uint>(1, chainKey.getNextChainKey().getMessageKeys().getCounter());
}
public void testChainKeyDerivationV3()
{
byte[] seed =
{
(byte)0x8a, (byte)0xb7, (byte)0x2d, (byte)0x6f, (byte)0x4c,
(byte)0xc5, (byte)0xac, (byte)0x0d, (byte)0x38, (byte)0x7e,
(byte)0xaf, (byte)0x46, (byte)0x33, (byte)0x78, (byte)0xdd,
(byte)0xb2, (byte)0x8e, (byte)0xdd, (byte)0x07, (byte)0x38,
(byte)0x5b, (byte)0x1c, (byte)0xb0, (byte)0x12, (byte)0x50,
(byte)0xc7, (byte)0x15, (byte)0x98, (byte)0x2e, (byte)0x7a,
(byte)0xd4, (byte)0x8f
};
byte[] messageKey =
{
/* (byte) 0x02*/
(byte)0xbf, (byte)0x51, (byte)0xe9, (byte)0xd7,
(byte)0x5e, (byte)0x0e, (byte)0x31, (byte)0x03,(byte)0x10,
(byte)0x51, (byte)0xf8, (byte)0x2a, (byte)0x24,(byte)0x91,
(byte)0xff, (byte)0xc0, (byte)0x84, (byte)0xfa,(byte)0x29,
(byte)0x8b, (byte)0x77, (byte)0x93, (byte)0xbd,(byte)0x9d,
(byte)0xb6, (byte)0x20, (byte)0x05, (byte)0x6f,(byte)0xeb,
(byte)0xf4, (byte)0x52, (byte)0x17
};
byte[] macKey =
{
(byte)0xc6, (byte)0xc7, (byte)0x7d, (byte)0x6a, (byte)0x73,
(byte)0xa3, (byte)0x54, (byte)0x33, (byte)0x7a, (byte)0x56,
(byte)0x43, (byte)0x5e, (byte)0x34, (byte)0x60, (byte)0x7d,
(byte)0xfe, (byte)0x48, (byte)0xe3, (byte)0xac, (byte)0xe1,
(byte)0x4e, (byte)0x77, (byte)0x31, (byte)0x4d, (byte)0xc6,
(byte)0xab, (byte)0xc1, (byte)0x72, (byte)0xe7, (byte)0xa7,
(byte)0x03, (byte)0x0b
};
byte[] nextChainKey =
{
(byte)0x28, (byte)0xe8, (byte)0xf8, (byte)0xfe, (byte)0xe5,
(byte)0x4b, (byte)0x80, (byte)0x1e, (byte)0xef, (byte)0x7c,
(byte)0x5c, (byte)0xfb, (byte)0x2f, (byte)0x17, (byte)0xf3,
(byte)0x2c, (byte)0x7b, (byte)0x33, (byte)0x44, (byte)0x85,
(byte)0xbb, (byte)0xb7, (byte)0x0f, (byte)0xac, (byte)0x6e,
(byte)0xc1, (byte)0x03, (byte)0x42, (byte)0xa2, (byte)0x46,
(byte)0xd1, (byte)0x5d
};
ChainKey chainKey = new ChainKey(HKDF.createFor(3), seed, 0);
Assert.IsTrue(StructuralComparisons.StructuralEqualityComparer.Equals(chainKey.getKey(), seed));
Assert.IsTrue(StructuralComparisons.StructuralEqualityComparer.Equals(chainKey.getMessageKeys().getCipherKey(), messageKey));
Assert.IsTrue(StructuralComparisons.StructuralEqualityComparer.Equals(chainKey.getMessageKeys().getMacKey(), macKey));
Assert.IsTrue(StructuralComparisons.StructuralEqualityComparer.Equals(chainKey.getNextChainKey().getKey(), nextChainKey));
Assert.IsTrue(chainKey.getIndex() == 0);
Assert.IsTrue(chainKey.getMessageKeys().getCounter() == 0);
Assert.IsTrue(chainKey.getNextChainKey().getIndex() == 1);
Assert.IsTrue(chainKey.getNextChainKey().getMessageKeys().getCounter() == 1);
}
public void T_Equal()
{
ChainKey ck = new ChainKey(new string[] { "word1", "word2" });
ChainKey ckEqual = new ChainKey(new string[] { "word1", "word2" });
ChainKey ckReverse = new ChainKey(new string[] { "word2", "word1" });
Assert.AreEqual(ck, ckEqual);
Assert.AreNotEqual(ck, ckReverse);
}
public void testChainKeyDerivationV2()
{
byte[] seed =
{
0x8a, 0xb7, 0x2d, 0x6f, 0x4c,
0xc5, 0xac, 0x0d, 0x38, 0x7e,
0xaf, 0x46, 0x33, 0x78, 0xdd,
0xb2, 0x8e, 0xdd, 0x07, 0x38,
0x5b, 0x1c, 0xb0, 0x12, 0x50,
0xc7, 0x15, 0x98, 0x2e, 0x7a,
0xd4, 0x8f
};
byte[] messageKey =
{
0x02, 0xa9, 0xaa, 0x6c, 0x7d,
0xbd, 0x64, 0xf9, 0xd3, 0xaa,
0x92, 0xf9, 0x2a, 0x27, 0x7b,
0xf5, 0x46, 0x09, 0xda, 0xdf,
0x0b, 0x00, 0x82, 0x8a, 0xcf,
0xc6, 0x1e, 0x3c, 0x72, 0x4b,
0x84, 0xa7
};
byte[] macKey =
{
0xbf, 0xbe, 0x5e, 0xfb, 0x60,
0x30, 0x30, 0x52, 0x67, 0x42,
0xe3, 0xee, 0x89, 0xc7, 0x02,
0x4e, 0x88, 0x4e, 0x44, 0x0f,
0x1f, 0xf3, 0x76, 0xbb, 0x23,
0x17, 0xb2, 0xd6, 0x4d, 0xeb,
0x7c, 0x83
};
byte[] nextChainKey =
{
0x28, 0xe8, 0xf8, 0xfe, 0xe5,
0x4b, 0x80, 0x1e, 0xef, 0x7c,
0x5c, 0xfb, 0x2f, 0x17, 0xf3,
0x2c, 0x7b, 0x33, 0x44, 0x85,
0xbb, 0xb7, 0x0f, 0xac, 0x6e,
0xc1, 0x03, 0x42, 0xa2, 0x46,
0xd1, 0x5d
};
ChainKey chainKey = new ChainKey(HKDF.createFor(2), seed, 0);
Assert.AreEqual(seed, chainKey.getKey());
CollectionAssert.AreEqual(messageKey, chainKey.getMessageKeys().getCipherKey());
CollectionAssert.AreEqual(macKey, chainKey.getMessageKeys().getMacKey());
CollectionAssert.AreEqual(nextChainKey, chainKey.getNextChainKey().getKey());
Assert.AreEqual <uint>(0, chainKey.getIndex());
Assert.AreEqual <uint>(0, chainKey.getMessageKeys().getCounter());
Assert.AreEqual <uint>(1, chainKey.getNextChainKey().getIndex());
Assert.AreEqual <uint>(1, chainKey.getNextChainKey().getMessageKeys().getCounter());
}
public void T_GetHashCode_OrderMatters()
{
ChainKey ck = new ChainKey(new string[] { "word1", "word2" });
ChainKey ckEqual = new ChainKey(new string[] { "word1", "word2" });
ChainKey ckReverse = new ChainKey(new string[] { "word2", "word1" });
Assert.AreEqual(ck.GetHashCode(), ckEqual.GetHashCode());
Assert.AreNotEqual(ck.GetHashCode(), ckReverse.GetHashCode());
}
public void SetSenderChainKey(ChainKey nextChainKey)
{
SessionStructure.Types.Chain.Types.ChainKey chainKey = new SessionStructure.Types.Chain.Types.ChainKey
{
Key = ByteString.CopyFrom(nextChainKey.GetKey()),
Index = nextChainKey.GetIndex()
};
_sessionStructure.SenderChain.ChainKey = chainKey;
}
public void setSenderChainKey(ChainKey nextChainKey)
{
Chain.Types.ChainKey chainKey = Chain.Types.ChainKey.CreateBuilder()
.SetKey(ByteString.CopyFrom(nextChainKey.getKey()))
.SetIndex(nextChainKey.getIndex())
.Build();
Chain chain = sessionStructure.SenderChain.ToBuilder()
.SetChainKey(chainKey).Build();
this.sessionStructure = this.sessionStructure.ToBuilder().SetSenderChain(chain).Build();
}
public void SetSenderChainKey(ChainKey nextChainKey)
{
StorageProtos.SessionStructure.Types.Chain.Types.ChainKey chainKey = StorageProtos.SessionStructure.Types.Chain.Types.ChainKey.CreateBuilder()
.SetKey(ByteString.CopyFrom(nextChainKey.GetKey()))
.SetIndex(nextChainKey.GetIndex())
.Build();
StorageProtos.SessionStructure.Types.Chain chain = _sessionStructure.SenderChain.ToBuilder()
.SetChainKey(chainKey).Build();
_sessionStructure = _sessionStructure.ToBuilder().SetSenderChain(chain).Build();
}
public void SetSenderChain(EcKeyPair senderRatchetKeyPair, ChainKey chainKey)
{
StorageProtos.SessionStructure.Types.Chain.Types.ChainKey chainKeyStructure = StorageProtos.SessionStructure.Types.Chain.Types.ChainKey.CreateBuilder()
.SetKey(ByteString.CopyFrom(chainKey.GetKey()))
.SetIndex(chainKey.GetIndex())
.Build();
StorageProtos.SessionStructure.Types.Chain senderChain = StorageProtos.SessionStructure.Types.Chain.CreateBuilder()
.SetSenderRatchetKey(ByteString.CopyFrom(senderRatchetKeyPair.GetPublicKey().Serialize()))
.SetSenderRatchetKeyPrivate(ByteString.CopyFrom(senderRatchetKeyPair.GetPrivateKey().Serialize()))
.SetChainKey(chainKeyStructure)
.Build();
_sessionStructure = _sessionStructure.ToBuilder().SetSenderChain(senderChain).Build();
}
public void setSenderChain(ECKeyPair senderRatchetKeyPair, ChainKey chainKey)
{
Chain.Types.ChainKey chainKeyStructure = Chain.Types.ChainKey.CreateBuilder()
.SetKey(ByteString.CopyFrom(chainKey.getKey()))
.SetIndex(chainKey.getIndex())
.Build();
Chain senderChain = Chain.CreateBuilder()
.SetSenderRatchetKey(ByteString.CopyFrom(senderRatchetKeyPair.getPublicKey().serialize()))
.SetSenderRatchetKeyPrivate(ByteString.CopyFrom(senderRatchetKeyPair.getPrivateKey().serialize()))
.SetChainKey(chainKeyStructure)
.Build();
this.sessionStructure = this.sessionStructure.ToBuilder().SetSenderChain(senderChain).Build();
}
public void setReceiverChainKey(ECPublicKey senderEphemeral, ChainKey chainKey)
{
Pair <Chain, uint> chainAndIndex = getReceiverChain(senderEphemeral);
Chain chain = chainAndIndex.first();
Chain.Types.ChainKey chainKeyStructure = new Chain.Types.ChainKey
{
Key = ByteString.CopyFrom(chainKey.getKey()),
Index = chainKey.getIndex()
};
chain.ChainKey = chainKeyStructure;
sessionStructure.ReceiverChains[(int)chainAndIndex.second()] = chain;
}
public void SetReceiverChainKey(IEcPublicKey senderEphemeral, ChainKey chainKey)
{
Pair <SessionStructure.Types.Chain, uint> chainAndIndex = GetReceiverChain(senderEphemeral);
SessionStructure.Types.Chain chain = chainAndIndex.First();
SessionStructure.Types.Chain.Types.ChainKey chainKeyStructure = new SessionStructure.Types.Chain.Types.ChainKey
{
Key = ByteString.CopyFrom(chainKey.GetKey()),
Index = chainKey.GetIndex()
};
chain.ChainKey = chainKeyStructure;
_sessionStructure.ReceiverChains[(int)chainAndIndex.Second()] = chain;
}
public void setReceiverChainKey(ECPublicKey senderEphemeral, ChainKey chainKey)
{
Pair <Chain, uint> chainAndIndex = getReceiverChain(senderEphemeral);
Chain chain = chainAndIndex.first();
Chain.Types.ChainKey chainKeyStructure = Chain.Types.ChainKey.CreateBuilder()
.SetKey(ByteString.CopyFrom(chainKey.getKey()))
.SetIndex(chainKey.getIndex())
.Build();
Chain updatedChain = chain.ToBuilder().SetChainKey(chainKeyStructure).Build();
this.sessionStructure = this.sessionStructure.ToBuilder()
.SetReceiverChains((int)chainAndIndex.second(), updatedChain) // TODO: conv
.Build();
}
public void SetSenderChain(EcKeyPair senderRatchetKeyPair, ChainKey chainKey)
{
SessionStructure.Types.Chain.Types.ChainKey chainKeyStructure = new SessionStructure.Types.Chain.Types.ChainKey
{
Key = ByteString.CopyFrom(chainKey.GetKey()),
Index = chainKey.GetIndex()
};
SessionStructure.Types.Chain senderChain = new SessionStructure.Types.Chain
{
SenderRatchetKey = ByteString.CopyFrom(senderRatchetKeyPair.GetPublicKey().Serialize()),
SenderRatchetKeyPrivate = ByteString.CopyFrom(senderRatchetKeyPair.GetPrivateKey().Serialize()),
ChainKey = chainKeyStructure
};
_sessionStructure.SenderChain = senderChain;
}
public void SetReceiverChainKey(IEcPublicKey senderEphemeral, ChainKey chainKey)
{
Pair <StorageProtos.SessionStructure.Types.Chain, uint> chainAndIndex = GetReceiverChain(senderEphemeral);
StorageProtos.SessionStructure.Types.Chain chain = chainAndIndex.First();
StorageProtos.SessionStructure.Types.Chain.Types.ChainKey chainKeyStructure = StorageProtos.SessionStructure.Types.Chain.Types.ChainKey.CreateBuilder()
.SetKey(ByteString.CopyFrom(chainKey.GetKey()))
.SetIndex(chainKey.GetIndex())
.Build();
StorageProtos.SessionStructure.Types.Chain updatedChain = chain.ToBuilder().SetChainKey(chainKeyStructure).Build();
_sessionStructure = _sessionStructure.ToBuilder()
.SetReceiverChains((int)chainAndIndex.Second(), updatedChain) // TODO: conv
.Build();
}
public void setSenderChain(ECKeyPair senderRatchetKeyPair, ChainKey chainKey)
{
Chain.Types.ChainKey chainKeyStructure = new Chain.Types.ChainKey
{
Key = ByteString.CopyFrom(chainKey.getKey()),
Index = chainKey.getIndex()
};
Chain senderChain = new Chain
{
SenderRatchetKey = ByteString.CopyFrom(senderRatchetKeyPair.getPublicKey().serialize()),
SenderRatchetKeyPrivate = ByteString.CopyFrom(senderRatchetKeyPair.getPrivateKey().serialize()),
ChainKey = chainKeyStructure
};
this.sessionStructure.SenderChain = senderChain;
}
public void addReceiverChain(ECPublicKey senderRatchetKey, ChainKey chainKey)
{
Chain.Types.ChainKey chainKeyStructure = Chain.Types.ChainKey.CreateBuilder()
.SetKey(ByteString.CopyFrom(chainKey.getKey()))
.SetIndex(chainKey.getIndex())
.Build();
Chain chain = Chain.CreateBuilder()
.SetChainKey(chainKeyStructure)
.SetSenderRatchetKey(ByteString.CopyFrom(senderRatchetKey.serialize()))
.Build();
this.sessionStructure = this.sessionStructure.ToBuilder().AddReceiverChains(chain).Build();
if (this.sessionStructure.ReceiverChainsList.Count > 5)
{
this.sessionStructure = this.sessionStructure.ToBuilder() /*.ClearReceiverChains()*/.Build(); //RemoveReceiverChains(0) TODO: why does it work without
}
}
public void addReceiverChain(ECPublicKey senderRatchetKey, ChainKey chainKey)
{
Chain.Types.ChainKey chainKeyStructure = Chain.Types.ChainKey.CreateBuilder()
.SetKey(ByteString.CopyFrom(chainKey.getKey()))
.SetIndex(chainKey.getIndex())
.Build();
Chain chain = Chain.CreateBuilder()
.SetChainKey(chainKeyStructure)
.SetSenderRatchetKey(ByteString.CopyFrom(senderRatchetKey.serialize()))
.Build();
sessionStructure = sessionStructure.ToBuilder().AddReceiverChains(chain).Build();
if (sessionStructure.ReceiverChainsList.Count > 5)
{
sessionStructure = sessionStructure.ToBuilder().Build();
}
}
/**
* Encrypt a message.
*
* @param paddedMessage The plaintext message bytes, optionally padded to a constant multiple.
* @return A ciphertext message encrypted to the recipient+device tuple.
*/
public CiphertextMessage encrypt(byte[] paddedMessage)
{
lock (SESSION_LOCK)
{
SessionRecord sessionRecord = sessionStore.LoadSession(remoteAddress);
SessionState sessionState = sessionRecord.getSessionState();
ChainKey chainKey = sessionState.getSenderChainKey();
MessageKeys messageKeys = chainKey.getMessageKeys();
ECPublicKey senderEphemeral = sessionState.getSenderRatchetKey();
uint previousCounter = sessionState.getPreviousCounter();
uint sessionVersion = sessionState.getSessionVersion();
byte[] ciphertextBody = getCiphertext(messageKeys, paddedMessage);
CiphertextMessage ciphertextMessage = new SignalMessage(sessionVersion, messageKeys.getMacKey(),
senderEphemeral, chainKey.getIndex(),
previousCounter, ciphertextBody,
sessionState.getLocalIdentityKey(),
sessionState.getRemoteIdentityKey());
if (sessionState.hasUnacknowledgedPreKeyMessage())
{
SessionState.UnacknowledgedPreKeyMessageItems items = sessionState.getUnacknowledgedPreKeyMessageItems();
uint localRegistrationId = sessionState.GetLocalRegistrationId();
ciphertextMessage = new PreKeySignalMessage(sessionVersion, localRegistrationId, items.getPreKeyId(),
items.getSignedPreKeyId(), items.getBaseKey(),
sessionState.getLocalIdentityKey(),
(SignalMessage)ciphertextMessage);
}
sessionState.setSenderChainKey(chainKey.getNextChainKey());
if (!identityKeyStore.IsTrustedIdentity(remoteAddress, sessionState.getRemoteIdentityKey(), Direction.SENDING))
{
throw new UntrustedIdentityException(remoteAddress.Name, sessionState.getRemoteIdentityKey());
}
identityKeyStore.SaveIdentity(remoteAddress, sessionState.getRemoteIdentityKey());
sessionStore.StoreSession(remoteAddress, sessionRecord);
return(ciphertextMessage);
}
}